Content
(MS08-022) Microsoft VBScript and JScript Remote Code Execution Vulnerability (944338)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2008-0083,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 Sp4,
- Windows Xp Sp2,
- Windows 2003 Sp2,
- Summary
- A vulnerability in Microsoft Windows may allow for remote code-execution attacks. A user would have to visit a malicious Web site for an attack to occur.
Tab Navigation
Description
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for remote code-execution attacks. The vulnerability lies in the VBScript and JScript scripting engine. A specially crafted Web page could exploit this vulnerability. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (944338): http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-022) Microsoft VBScript and JScript Remote Code Execution Vulnerability (944338)
- Signature identifier:
- 5808
- Release date:
- 4/8/2008
Additional Resources
Microsoft Security Bulletin: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
All Information
Timeline -
2/12/2008
Vendor has provided a patch.
Description -
Windows is an industry-standard operating system developed by Microsoft. A vulnerability in Microsoft Windows may allow for remote code-execution attacks. The vulnerability lies in the VBScript and JScript scripting engine. A specially crafted Web page could exploit this vulnerability. A user would have to visit a malicious Web site for an attack to occur.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (944338): http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS08-022) Microsoft VBScript and JScript Remote Code Execution Vulnerability (944338)
- Signature identifier:
- 5808
- Release date:
- 4/8/2008
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
