Microsoft VBScript Scripting Engine Memory Corruption Vulnerability Fixed by MS15-065 and MS15-066
Description
A vulnerability was reported in the VBScript scripting engine.
A remote attacker could exploit it by enticing a victim into opening a specially crafted web page or Office document, in order to execute arbitrary code with the victim's rights.
This vulnerability is due to improper handling of objects in memory.
Vulnerable Products
Vulnerable OS:
* Windows 2003 (Microsoft) - Server 64-Bit Edition SP2, Server SP2, Itanium-based Server SP2
* Windows 2008 (Microsoft) - Server SP2, X64 Edition SP2, Itanium-based Server SP2
* Windows 2008 R2 (Microsoft) - X64-systems SP1, Itanium systems SP1
* Windows 2012 (Microsoft) - Server
* Windows 2012 R2 (Microsoft) - Server
* Windows 7 (Microsoft) - 32-bit SP1, X64 systems SP1
* Windows 8 (Microsoft) - 32-bit Systems, 64-bit Systems, 8.1 32-bit Systems, 8.1 64-bit Systems
* Windows 8 RT (Microsoft) - [RT], 8.1
* Windows Vista (Microsoft) - 32 bits SP2, X64 Edition SP2
Vulnerable Software:
Solution
Microsoft has released the MS15-065 (Internet Explorer 8 to 11) and MS15-066 (Internet Explorer 6 to 8) security bulletins, which fix this vulnerability and replace the MS15-019 and MS15-056 bulletins.

Workaround:
Restrict access to the "VBScript.dll" library:
* For 32-bit systems:
    takeown /f %windir%\system32\vbscript.dll
    cacls %windir%\system32\vbscript.dll /E /P everyone:N
- Undo:
    cacls %windir%\system32\vbscript.dll /E /R everyone
* For 64-bit systems:
    takeown /f %windir%\syswow64\vbscript.dll
    cacls %windir%\syswow64\vbscript.dll /E /P everyone:N
- Undo:
    cacls %windir%\syswow64\vbscript.dll /E /R everyone
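
To confirm on a given host that the workaround above is in place (or has been undone), the following PowerShell check can be run. It is an added example, not part of Microsoft's bulletins or of the original advisory. It assumes that `cacls ... /E /P everyone:N` is stored as a Deny entry for Everyone in the file's ACL; the function name `Test-VbscriptWorkaround` and the status labels are hypothetical.

```powershell
# Added example: report whether each copy of vbscript.dll carries the
# Deny entry for Everyone that the workaround is assumed to create.
# Run from the account that executed takeown (the file owner can always read the ACL).

function Test-VbscriptWorkaround {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # e.g. no syswow64 directory on a 32-bit system
        return [pscustomobject]@{ Path = $Path; Status = 'NotPresent' }
    }

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    }
    catch [System.UnauthorizedAccessException] {
        # A Deny for Everyone also blocks reading the ACL for non-owners,
        # so this outcome is itself consistent with the workaround being applied.
        return [pscustomobject]@{ Path = $Path; Status = 'AclUnreadable' }
    }

    $readExec = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    # Resolve identities to SIDs so the check does not depend on the
    # localized display name of the Everyone group (well-known SID S-1-1-0).
    $deny = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            $_.IdentityReference.Value -eq 'S-1-1-0' -and
            ($_.FileSystemRights -band $readExec) -ne 0
        }

    $status = if ($deny) { 'DenyEveryone' } else { 'NotRestricted' }
    [pscustomobject]@{ Path = $Path; Status = $status }
}

# The two library locations named in the workaround.
$targets = @(
    (Join-Path $env:windir 'system32\vbscript.dll'),
    (Join-Path $env:windir 'syswow64\vbscript.dll')
)

$targets | ForEach-Object { Test-VbscriptWorkaround -Path $_ } | Format-Table -AutoSize
```

A status of `NotRestricted` after the security update has been installed and the Undo command has been run is the expected end state; `NotRestricted` on an unpatched host means the workaround is not protecting that copy of the library.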