Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

JScript and VBScript engines' vulnerability could allow remote code execution


Report ID: MS201208005
Date Published: 15 August 2012

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability that exists in JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.



Detailed Description

Microsoft has released a security update that addresses a vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows operating system. The vulnerability, which was a result of incorrect calculation of the size of an object in memory during a copy operation, could be exploited by an attacker to execute code on a compromised system in the context of the current user.

The latest security update fixes this issue by introducing modification in the way that JScript and VBScript handle objects in memory. Users are recommended to install the latest update to protect their system from potential exploit attemtps.



CVE Reference

CVE-2012-2523



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-056)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.