KLA10828
Code execution vulnerabilities in Microsoft JScript and VBScript
Обновлено: 17/06/2019
Дата обнаружения
14/06/2016
Уровень угрозы
High
Описание

An improper memory objects handling was found in Microsoft VBScript and JScript. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed content.


Technical details

To mitigate this vulnerability you can restrict access to VBScript.dll and JScript.dll. For further instructions take a look at original advisory listed below.

Пораженные продукты

Microsoft VBScript 5.7 and 5.8
Microsoft JScript 5.8

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2016-3207
CVE-2016-3206
CVE-2016-3205
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Связанные продукты
Microsoft VBScript engine
CVE-IDS
CVE-2016-32077.6Critical
CVE-2016-32067.6Critical
CVE-2016-32057.6Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

3158364
3163640
3158363
3160005