Microsoft JScript/VBScript and IE Multiple Memory Corruption Vulnerabilities Fixed by MS16-063/69


Description   (:Several memory corruption vulnerabilities have been identified in JScript/VBScript and Internet Explorer.:A remote attacker could exploit them by enticing the victim into visiting a specially crafted website in order to execute arbitrary code.)
     
Vulnerable Products   Vulnerable OS:
Windows 2008 (Microsoft) - Itanium-based Server SP2, Server SP2, X64 Edition SP2Windows 2008 R2 (Microsoft) - X64-systems SP1Windows Vista (Microsoft) - 32 bits SP2, X64 Edition SP2Vulnerable Software:
Internet Explorer (Microsoft) - 10, 11, 11, 11, 11, ..., 11, 9.0, 9.0, 9.0, 9.0
     
Solution   Microsoft has released security bulletins MS16-063 and MS16-069 which fix these vulnerabilities and replace the MS16-051 and MS16-053 bulletins.
     
CVE   CVE-2016-3207
CVE-2016-3206
CVE-2016-3205
     
References   - MS16-063 : Mise à jour de sécurité cumulative pour Internet Explorer (3163649)
https://technet.microsoft.com/library/security/MS16-063
- MS16-069 : Mise à jour de sécurité cumulative pour JScript et VBScript (3163640)
https://technet.microsoft.com/library/security/MS16-069
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Web 2.0 : Detection of visual basic script embedded in web page
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2016-06-14 

 Target Type 
Client 

 Possible exploit 
Remote