ATTN: Flaw in Scripting Host

Steve Bernard sbernard at
Thu Mar 20 00:27:27 GMT 2003

Flaw in Windows Script Engine Could Allow Code Execution


Microsoft Security Bulletin MS03-008

Originally posted: March 19, 2003

Who should read this bulletin: Customers using Microsoft® Windows®.

Impact of vulnerability: Run Code of Attacker’s Choice

Maximum Severity Rating: Critical

Recommendation: Customers should install the patch immediately.

What’s the scope of the vulnerability?

This is a buffer overrun vulnerability. An attacker who successfully 
exploited this vulnerability could cause code of his or her choice to be 
executed as though it originated on the local machine.

What causes the vulnerability?

The vulnerability is caused by a heap overflow in the Windows Script 
Engine for the JScript scripting language, JScript.dll.


Steve Bernard
Sr. Systems Engineer, NET
George Mason University
Fairfax, Virginia

More information about the unisog mailing list