The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Credit:
The information has been provided by Simon Zuckerbraun, working with HP ??s Zero Day Initiative, chenxuebin@360.cn, An anonymous researcher, working with HP ??s Zero Day Initiative, and Yuki Chen of Qihoo 360Vulcan Team..
Vulnerable Systems:
* Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engine
Microsoft VBScript and JScript are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can take advantage of this vulnerability to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.