RASTABT
1
March 20th, 2003, 12:32 AM
A serious security vulnerability has been discovered in the Windows Scripting Engine, found in all versions of Windows. The flaw lies in the engine's processing of JScript, which allows for an attacker to execute potentially malicious code from a simple Web site or HTML-laden e-mail.
The specific vulnerability is a buffer overflow caused by a heap overflow in the JScript.dll file. The Windows Scripting Engine does not correctly size a buffer during a memory operation, which could lead to the overflow and execution of code with user permissions.
Windows 95 is not listed as an affected operating system, but only because the product is no longer supported by Microsoft.
Microsoft has issued a patch to correct the flaw and recommends all users immediately update their systems. The fix will also be included with Windows 2000 Service Pack 4 and Windows XP SP2. More information on the flaw and patches for each affected platform may be found in the security bulletin on Microsoft TechNet.
Source: By Nate Mook, BetaNews