charles77

Blocking VBscript in static local files installed in Program Files folder


Hi

When Internet Download Manager (IDM) from http://www.internetdownloadmanager.com is installed, and when trying to use the "Download with IDM" right-click menu item in Internet Explorer 11, your new feature (Application Hardening) blocks VBScript in a static HTML page stored on the local drive. Specifically, it blocks the C:\Program Files (x86)\Internet Download Manager\IEExt.htm and C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm files, and it names this action as blocking an exploit.

Could you please clarify when it became an exploit, and how it can be exploited? How can a malefactor use this exploit on a customer computer? These script files are a part of the IDM distribution, and they call ActiveX components, which were installed by the IDM installer during IDM installation. It’s not possible for a malefactor to change these VBScript files or ActiveX components without administrative rights. If he has such rights, he will not need to modify or use these scripts and files.

Regards,

Charles Jones
Tonec Inc.

 

malware1.jpg

malware2.jpg


Hello Charles77,

 

We want to have you collect some logs so we can look into this issue further. I want to have you collect two logs from these directories:

C:\ProgramData\Malwarebytes\MBAMService\mbae-default.log

C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.log

The directory is hidden by default so you might have to click on "View -> Hidden items" in Explorer to see it.   There is also a post here from Microsoft on how to do this for the more recent OS: https://support.microsoft.com/en-us/help/14201/windows-show-hidden-files

Once you get those, go ahead and send it over to me and we should be able to give you a better answer for this. 


VB Scripting was decommissioned by Microsoft some time ago due to the insecurities it introduces.

In fact during all of 2016 Exploit Kits were heavily abusing outdated computers with VBScript in order to exploit machines and execute code remotely on them. It is advisable that you do not use any products or applications that rely on VBScript.

Alternatively you can disable the VBScript enforcement technique in MB3 -> Settings -> Protection -> Advanced Settings -> Application Hardening, but it is probably safer to find an alternative to IDM that doesn't leave you more exposed to exploits.

 

 


Hi

Rsullinger, we will send log files once we receive them from our user who complained first.

Pbust, please don't write general, obvious, and well known things about VBscript. Most people who read this post know that there are several security problems.

Please re-read the initial post. How can the execution of VBScript be exploited in this particular case? The VBScript below is stored on the hdd, and you need administrative rights to change it.

<script language="VBScript">
    set IDMLinksProcessor=CreateObject("IDMGetAll.IDMAllLinksProcessor")
    if err<>0 then
        MsgBox("IDM is not installed properly!"+ vbCrLf+"Please Install IDM again")
    else
        IDMLinksProcessor.Execute external.menuArguments
    end if
</script>

Note that you block our right-click menu item in the IE browser.

Thank you

Regards,

Charles



Hi charles77,

We have a blanket protection for VBScripting for all the security reasons that pbust mentioned above. We do understand your concerns; this one case of yours might not be exploitable since it is static and stored on your hdd. But on the whole it is widely infamous for the insecurities it poses, as you very well know.

You have an alternative though.

You can turn it off by going to Malwarebytes->Settings->Protection->Advanced Settings and turn off the setting marked in red.

Thank you.

 

screenshot.png
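
To see what a blanket VBScript block like the one discussed in this thread would affect on a machine, the following added example (not part of the thread, and not Malwarebytes or IDM code) lists local HTML files that embed VBScript and the COM ProgIDs they create. The file names and the `demo()` helper are constructed for illustration; the first sample reuses the script quoted above.

```python
import re
import tempfile
from pathlib import Path

# <script> blocks whose language/type attribute names VBScript.
VBS_BLOCK = re.compile(
    r"<script\b[^>]*\b(?:language|type)\s*=\s*[\"']?(?:text/)?vbscript[\"']?[^>]*>"
    r"(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
# ProgIDs instantiated via CreateObject("...") inside such a block.
CREATE_OBJECT = re.compile(r"CreateObject\s*\(\s*\"([^\"]+)\"", re.IGNORECASE)

def scan_file(path):
    """Return sorted ProgIDs used by VBScript blocks, or None if the file has no VBScript."""
    raw = Path(path).read_bytes()
    # Pages shipped with Windows software are sometimes UTF-16 with a BOM.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    blocks = VBS_BLOCK.findall(raw.decode(enc, errors="replace"))
    if not blocks:
        return None
    return sorted({p for body in blocks for p in CREATE_OBJECT.findall(body)})

def inventory(root):
    """Map each .htm/.html/.hta file under root that embeds VBScript to its ProgIDs."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".htm", ".html", ".hta"}:
            progids = scan_file(path)
            if progids is not None:
                hits[path.relative_to(root).as_posix()] = progids
    return hits

# Constructed sample files; the first body is the script quoted in the thread.
SAMPLES = {
    "menu_vbs.htm": '<script language="VBScript">\n'
                    'set IDMLinksProcessor=CreateObject("IDMGetAll.IDMAllLinksProcessor")\n'
                    'IDMLinksProcessor.Execute external.menuArguments\n</script>',
    "plain_js.html": '<script type="text/javascript">var x = 1;</script>',
}

def demo():
    """Write the constructed samples to a temp directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return inventory(tmp)

if __name__ == "__main__":
    for name, progids in demo().items():
        print(name, "->", progids or "no CreateObject calls")
```

Pointing `inventory()` at an application's install directory shows which of its pages would stop working under the block, and which COM objects those pages depend on.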
