Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Discussion in 'Tech news' started by silversurfer, Dec 19, 2017.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    Google’s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems.

    The attack is a variation of a WPAD/PAC attack. In Project Zero’s case, the WPAD/PAC attack focuses on chaining several vulnerabilities together relating to the PAC and a Microsoft JScript.dll file in order to gain remote command execution on a victim’s machine.

    “We identified 7 security vulnerabilities in (JScript.dll) and successfully demonstrated reliable code execution from local network (and beyond) against a fully patched (at the time of writing) Windows 10 64-bit with Fall Creators Update installed,” wrote Project Zero researchers on the teams’ website Monday.

    Trim, daljeet and RGiskardR like this.
  2. Google Adsense

Share This Page