Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Windows Script Engine JScript.DLL heap overflow

Microsoft Windows Script Engine JScript.DLL heap overflow

by Nikola Strahija on March 27th, 2003 It has been reported that a heap overflow vulnerability exists in the Microsoft Script Engine for JScript. Execution of arbitrary instructions is possible.


Exploitation may occur through a malicious web page or through HTML e-mail and will result in execution of arbitrary instructions in the context of a client application which invokes the script engine.


Vulnerable
- Microsoft Windows XP (Home and Professinal)
- Microsft Windows 2000 (Professional, Server, Advanced Server, Datacenter Server, Terminal Services)
- Microsoft Windows 98 (and SE)
- Microsoft Windows ME
- Microsoft Windows NT 4.0 (Workstation,Enterprise Server, Server, Terminal Server)


Solution:
Microsoft Windows 2000 and XP family:
- http://microsoft.com/downloads/details.aspx?FamilyId=824B1BD4-B4D6-49D5-8C58-199BDC731B64&displaylang=en

Microsoft Windows NT 4.0 family:
- http://microsoft.com/downloads/details.aspx?FamilyId=C6504FD9-5E2C-45BF-9424-55D7C5D2221B&displaylang=en

Microsft Windows 98 and ME family:
- http://microsoft.com/downloads/details.aspx?FamilyId=C6504FD9-5E2C-45BF-9424-55D7C5D2221B&displaylang=en

Discovered by:
Roland Postle, mail (at) blazde.co.uk


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »