Microsoft JScript and VBScript Scripting Engines Security Feature Bypass Vulnerabilities
Last Update Date:
13 May 2015 14:36
Release Date:
13 May 2015
3250
Views
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
- VBScript ASLR Bypass
A security feature bypass exists when the VBScript engine fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. - VBScript and JScript ASLR Bypass
A security feature bypass exists when the JScript and VBScript engines fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Impact
- Security Restriction Bypass
System / Technologies affected
- JScript 5.6, 5.7, 5.8
- VBScript 5.6, 5.7, 5.8
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS15-053
Vulnerability Identifier
Source
Related Link
Share with