JScript and VBScript engines' vulnerability could allow remote code execution
Report ID: MS201208005
Date Published: 15 August 2012
Compromise Type: remote-code-execution
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
A vulnerability that exists in JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
Microsoft has released a security update that addresses a vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows operating system. The vulnerability, which was a result of incorrect calculation of the size of an object in memory during a copy operation, could be exploited by an attacker to execute code on a compromised system in the context of the current user.
The latest security update fixes this issue by introducing modification in the way that JScript and VBScript handle objects in memory. Users are recommended to install the latest update to protect their system from potential exploit attemtps.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-056)