New Critical Windows Flaw Patched

March 20th, 2003, 12:32 AM

A serious security vulnerability has been discovered in the Windows Scripting Engine, found in all versions of Windows. The flaw lies in the engine's processing of JScript, which allows for an attacker to execute potentially malicious code from a simple Web site or HTML laden e-mail.

The specific vulnerability is a buffer overflow caused by a heap overflow in the JScript.dll file. The Windows Scripting Engine does not correctly size a buffering during a memory operation, which could lead to the overflow and execution of code with user permissions.

Windows 95 is not listed as an affected operating system, but only because the product is no longer supported by Microsoft.

Microsoft has issued a patch to correct the flaw and recommends all users immediately update their systems. The fix will also be included with Windows 2000 Service Pack 4 and Windows XP SP2. More information on the flaw and patches for each affected platform may be found in the security bulletin on Microsoft TechNet

Source: By Nate Mook, BetaNews
 
NOW heres me thinking that they found the ultimate patch for windows ...... any flavour of LINUX lmao :)

thansk for the infor there RASTA :)
 
The penguins will rule thw world someday & the funny thing is micrsh**e is gladly helping them cause i think their new pallidum system drive people away in droves

Just a thought

BaNzI:)
 
really?

I thought it was all operator erros and I was VERY dum.

Haven't checked for updates in ages, have the updates DIS-abled in start up.
 
Top