The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Microsoft VBScript: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of Microsoft VBScript, in order to trigger a denial of service, and possibly to run code.
Severity of this computer vulnerability: 4/4.
Creation date: 15/07/2015.
Références of this announce: 3072604, CERTFR-2015-AVI-301, CVE-2015-2372, MS15-066, VIGILANCE-VUL-17356.

Description of the vulnerability

The VBScript engine is installed on Windows, and it is for example called from Internet Explorer to interpret scripts.

However, a script manipulating a malformed object corrupts the VBScript memory.

An attacker can therefore generate a memory corruption of Microsoft VBScript, in order to trigger a denial of service, and possibly to run code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity vulnerability impacts software or systems such as Windows 2003, Windows 2008 R0, Windows Vista.

Our Vigil@nce team determined that the severity of this vulnerability is critical.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness alert.

Solutions for this threat

Microsoft VBScript: patch.
A patch is available in information sources.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability workaround. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.