ATTN: Flaw in Scripting Host
sbernard at gmu.edu
Thu Mar 20 00:27:27 GMT 2003
Flaw in Windows Script Engine Could Allow Code Execution
Microsoft Security Bulletin MS03-008
Originally posted: March 19, 2003
Who should read this bulletin: Customers using Microsoft® Windows®.
Impact of vulnerability: Run Code of Attacker’s Choice
Maximum Severity Rating: Critical
Recommendation: Customers should install the patch immediately.
What’s the scope of the vulnerability?
This is a buffer overrun vulnerability. An attacker who successfully
exploited this vulnerability could cause code of his or her choice to be
executed as though it originated on the local machine.
What causes the vulnerability?
The vulnerability is caused by a heap overflow in the Windows Script
Engine for the JScript scripting language, JScript.dll.
Sr. Systems Engineer, NET
George Mason University
More information about the unisog