Microsoft Internet Explorer 9 Windows Vista Denial Of Service Execute Code Overflow Memory Corruption Vulnerability
8 Sep. 2016
The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
* Microsoft Internet Explorer 9
* MicrosoftI nternet Explorer 10
* MicrosoftI nternet Explorer 11
This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for affected versions of the JScript and VBScript scripting engines on supported releases of Windows Vista, and Moderate on Windows Server 2008 and Windows Server 2008 R2.