CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability

Preface: “I Saw Mommy Kissing Santa Claus” is a famous Christmas song.But perhaps that it is the hacker kissing your Internet Explorer web browser before christmas time. Above description has similarity because both two people are the famous guy in the world.

Detail description:
ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows IE applications written in HTML/CSS/JS. ChakraCore supports Just-in-time (JIT) compilation of JavaScript for x86/x64/ARM, garbage collection, and a wide range of the latest JavaScript features.

Vulnerability found on 20th Dec 2018:
Microsoft Internet Explorer contains a memory corruption vulnerability in the scripting engine JScript component, which can allow a remote attacker to execute arbitrary code on a vulnerable system.

Workaround: Restrict access to JScript.dll execute following command syntax.
cacls %windir%\system32\jscript.dll /E /P everyone:N
cacls %windir%\syswow64\jscript.dll /E /P everyone:N

Official announcement display in below url: