The GrimResource command execution attack exploits a Windows cross-site scripting vulnerability that has remained unpatched since 2018, making it a serious threat to cybersecurity.
The GrimResource attack exploits an old DOM-based cross-site scripting (XSS) flaw in the 'apds.dll' library, allowing the execution of arbitrary JavaScript through a crafted URL. Microsoft did not immediately fix the vulnerability, and as of March 2019, it remained unpatched. The attack involves using the XSS flaw in combination with the 'DotNetToJScript' technique to execute arbitrary .NET code. The malicious MSC file distributed by attackers references the vulnerable APDS resource in the StringTable section, triggering JS execution in the context of 'mmc.exe.'
