Microsoft JScript And VBScript Scripting Engines Information Disclosure Vulnerability (2475792) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-009.

Impact

Successful exploitation will allow remote attackers to gain access to sensitive information that may aid in further attacks. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-009

Insight

The flaw is caused by a memory corruption error in the JScript and VBScript scripting engines when processing scripts in Web pages.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/43249/
http://technet.microsoft.com/en-us/security/bulletin/ms11-009
http://www.vupen.com/english/advisories/2011/0322

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0031

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft iSCSI Denial of Service Vulnerabilities (2962485)
Microsoft Outlook Information Disclosure Vulnerability (2894514)
Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)
Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
Microsoft Office Security Feature Bypass Vulnerability (3033857)

Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)

Take action and discover your vulnerabilities