A Beginner's Guide to Understanding Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174)
Introduction
CVE-2018-8174 is a VBScript vulnerability which was found being exploited in the wild. The unique event related to this vulnerability is, though it is a VBScript vulnerability, it was found being exploited using MS Office. There is a blogpost by Qihoo 360 [1] performing a thorough analysis on Exploit Delivery, Vulnerability Root Cause, Exploitation Strategy, Payload etc. There is also a good blogpost from Kaspersky [2] where they have done a deeper analysis of the vulnerability. This post will focus on various techniques of reverse engineering internals of Windows VBScript Engine, to understand the vulnerability better.