Microsoft Windows JScript / VBScript ASLR Two Security Bypass Security Issues


Description   Two security issues have been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.
1) An error within the VBScript engine when handling capturing groups in regular expressions can be exploited to disclose contents of otherwise restricted process memory and bypass ASLR.
2) An error within the JScript and VBScript engines can be exploited to bypass ASLR.
     
Vulnerable Products   Vulnerable OS:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Vulnerable Software:
     
Solution   Apply update.
Windows Server 2003 Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=d9768e49-7b67-4419-a0f9-681fca7ee41a
Windows Server 2003 Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=f3fa91b7-6c75-46e6-99b9-a0a34df2d280
Windows Server 2003 x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=d8802934-2e41-413b-806a-451787995739
Windows Server 2003 x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=ac40917e-2b24-4f19-90d8-51b1cf9efa2d
Windows Server 2003 with SP2 for Itanium-based Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=0137987e-fada-4038-af9a-8ed865930847
Windows Server 2003 with SP2 for Itanium-based Systems: https://www.microsoft.com/downloads/details.aspx?FamilyID=2c9b3d6b-1603-4ce5-8d62-fedc3e76247a
Windows Vista Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=fa2b05e3-7acc-4174-817b-cdf5144ed77a
Windows Vista x64 Edition Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=5fae5e65-f8d1-4e34-ae80-54df23a9bfb1
Windows Server 2008 for 32-bit Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=1efb474c-5163-48ac-8ef4-80de15f93809
Windows Server 2008 for x64-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=694f56c7-e601-4b60-a162-88805e7cdd4b
Windows Server 2008 for Itanium-based Systems Service Pack 2: https://www.microsoft.com/downloads/details.aspx?FamilyID=17364a94-2cdb-4089-a359-57a90eaa45b6
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation): https://www.microsoft.com/downloads/details.aspx?FamilyID=1efb474c-5163-48ac-8ef4-80de15f93809
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation): https://www.microsoft.com/downloads/details.aspx?FamilyID=694f56c7-e601-4b60-a162-88805e7cdd4b
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation): https://www.microsoft.com/downloads/details.aspx?FamilyID=399831a3-811e-453b-907e-c531a853f388
     
CVE   CVE-2015-1686
CVE-2015-1684
     
References   MS15-053 (KB3050941, KB3050945, KB3050946): https://technet.microsoft.com/library/security/MS15-053
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-15-183/
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm   Web 2.0 : Detection of visual basic script embedded in web page
Available Since   5.0.0
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2015-05-12

Target Type   Client

Possible exploit   Remote