Subscribe via feed.

VBScript MSXML Policy Bypass

Posted by deepcore on December 20, 2018 – 3:40 am

Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »