Microsoft VBScript and JScript Memory Corruption Vulnerability Fixed by MS16-084 and MS16-086


Description   (:A vulnerability was reported in Microsoft JScript and VBScript scripting engines.:A remote attacker could exploit it by enticing their victim into visiting a malicious website in order to execute arbitrary code with victim's privileges.::This vulnerability is due to an improper handling of objects in memory.)
     
Vulnerable Products   Vulnerable OS:
Windows 2008 (Microsoft) - Itanium-based Server SP2, Server SP2, X64 Edition SP2Windows Vista (Microsoft) - 32 bits SP2, X64 Edition SP2Vulnerable Software:
Internet Explorer (Microsoft) - 10, 11, 11, 11, 11, ..., 11, 9.0, 9.0, 9.0, 9.0
     
Solution   cacls %windir%\syswow64\jscript.dll /E /R everyone
     
CVE   CVE-2016-3204
     
References   - MS16-084 : Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/en-us/security/MS16-084
- MS16-086 : Cumulative Security Update for JScript and VBScript
https://technet.microsoft.com/library/en-us/security/MS16-086
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Web 2.0 : Detection of visual basic script embedded in web page
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2016-07-12 

 Target Type 
Client 

 Possible exploit 
Remote