Microsoft JScript And VBScript Scripting Engines Information Disclosure Vulnerability (2475792) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-009.

Impact

Successful exploitation will allow remote attackers to gain access to sensitive information that may aid in further attacks. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-009

Insight

The flaw is caused by a memory corruption error in the JScript and VBScript scripting engines when processing scripts in Web pages.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/43249/
http://technet.microsoft.com/en-us/security/bulletin/ms11-009
http://www.vupen.com/english/advisories/2011/0322

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0031

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
Microsoft Office Shared Component Security Bypass Vulnerability (2905238)
Microsoft ISA Server DNS - Denial Of Service (MS03-009)

Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)

Take action and discover your vulnerabilities