Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	04/09/2008
Severity:	High
Operating Systems Affected:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Storage Server 2003 Microsoft Windows XP Home Edition Microsoft Windows XP Professional
Applications Affected:	VBScript 5.6 and earlier JScript 5.6 and earlier

Synopsis

Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user supplied input.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx

Threat Analysis

The vulnerability is caused due to a boundary error within the VBScript and JScript scripting engines when decoding scripts in web pages. This can be exploited to cause a buffer overflow via e.g. a website containing specially crafted scripts.

Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0083
http://www.securityfocus.com/bid/28551

Write-up by: Aditya Chaturvedi

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |