Windows : Microsoft Bulletins : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902501

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS11-031.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-031.

Vulnerability Insight:
The flaw is caused by an integer overflow error in the JScript and VBScript
scripting engines when reallocating memory while decoding a script in order
to run it, which could be exploited by remote attackers to execute arbitrary
code via a malicious web page.

Vulnerability Impact:
Successful exploitation could allow remote attackers to crash an affected
system or execute arbitrary code by tricking a user into visiting a specially
crafted web page.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-0663
BugTraq ID: 47249
http://www.securityfocus.com/bid/47249
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Security Bulletin: MS11-031
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031
http://osvdb.org/71774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673
http://www.securitytracker.com/id?1025333
http://secunia.com/advisories/44162
http://www.vupen.com/english/advisories/2011/0949

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902501
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS11-031.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-031. Vulnerability Insight: The flaw is caused by an integer overflow error in the JScript and VBScript scripting engines when reallocating memory while decoding a script in order to run it, which could be exploited by remote attackers to execute arbitrary code via a malicious web page. Vulnerability Impact: Successful exploitation could allow remote attackers to crash an affected system or execute arbitrary code by tricking a user into visiting a specially crafted web page. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0663 BugTraq ID: 47249 http://www.securityfocus.com/bid/47249 Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html Microsoft Security Bulletin: MS11-031 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031 http://osvdb.org/71774 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673 http://www.securitytracker.com/id?1025333 http://secunia.com/advisories/44162 http://www.vupen.com/english/advisories/2011/0949
Copyright	Copyright (C) 2011 Greenbone AG