JScript and VBScript engines' vulnerability could allow remote code execution
Report ID: MS201208005
Date Published: 15 August 2012
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
A vulnerability that exists in JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
Detailed Description
Microsoft has released a security update that addresses a vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows operating system. The vulnerability, which was a result of incorrect calculation of the size of an object in memory during a copy operation, could be exploited by an attacker to execute code on a compromised system in the context of the current user.
The latest security update fixes this issue by introducing modification in the way that JScript and VBScript handle objects in memory. Users are recommended to install the latest update to protect their system from potential exploit attemtps.
CVE Reference
CVE-2012-2523
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-056)
