Microsoft VBScript and JScript Engines Multiple Vulnerabilities Fixed by MS15-124 and MS15-126


Description   (#Several vulnerabilities have been identified in JScript and VBScript Scripting Engines:#- CVE-2015-6135: use-after-free. A remote attacker could exploit it in order to disclose the contents of memory. This vulnerability stems from an improper implementation of the VBScript "CreateObject()" function##- CVE-2015-6136: use-after-free. A remote attacker could exploit them by enticing their victim into visiting a specially formed web page in order to execute arbitrary code with victim's rights. This vulnerability stems from an improper implementation of VBScript "StrComp()", "Split()", "Replace()", "InStr()", "InStrRev()", "InStrB()", "Filter()", "Join()" and "CreateObject()" functions.)
     
Vulnerable Products   Vulnerable OS:
Windows 2008 (Microsoft) - Itanium-based Server SP2, Server SP2, X64 Edition SP2Windows 2008 R2 (Microsoft) - X64-systems SP1Windows Vista (Microsoft) - 32 bits SP2, X64 Edition SP2Vulnerable Software:
Internet Explorer (Microsoft) - 10, 10, 10, 10, 10, ..., 9.0, 9.0, 9.0, 9.0, 9.0
     
Solution   cacls %windir%\syswow64\jscript.dll /E /R everyone
     
CVE   CVE-2015-6136
CVE-2015-6135
     
References   - MS15-124 : Cumulative Security Update for Internet Explorer
https://technet.microsoft.com/library/en-us/security/MS15-124
- MS15-126 : Cumulative Security Update for JScript and VBScript to Address Remote Code Execution
https://technet.microsoft.com/library/en-us/security/MS15-126
- ZDI-15-597 : Microsoft Windows VBScript StrComp Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-597/
- ZDI-15-596 : Microsoft Windows VBScript Split Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-596/
- ZDI-15-595 : Microsoft Windows VBScript Replace Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-595/
- ZDI-15-594 : Microsoft Windows VBScript InStr/InStrRev Functions Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-594/
- ZDI-15-593 : Microsoft Windows VBScript InStrB Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-593/
- ZDI-15-592 : Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-592/
- ZDI-15-591 : Microsoft Windows VBScript Join Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-591/
- ZDI-15-586 : Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-15-586/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Web 2.0 : Detection of visual basic script embedded in web page
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2015-12-08 

 Target Type 
Client 

 Possible exploit 
Remote