فا

‫ Microsoft Windows JScript / VBScript Multiple Vulnerabilities

 

ID: IRCAD2015104116

Release Date: 2015-10-13

Software:

Microsoft Windows Server 2008

Microsoft Windows Vista

Description:

Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) A use-after-free error when recompiling the regular expression pattern during a replace can be exploited to cause memory corruption.

2) An error related to the Filter function can be exploited to cause memory corruption.

Successful exploitation of vulnerabilities #1 and #2 may allow execution of arbitrary code.

3) An unspecified error can be exploited to bypass the ASLR security feature.

4) An unspecified error can be exploited to disclose certain memory contents.

Solution

Apply update.

References:

Microsoft (KB3089659, KB3094995, KB3094996):

https://technet.microsoft.com/en-us/library/security/MS15-108

Skylined:

http://seclists.org/fulldisclosure/2015/Oct/54

ZDI:

http://www.zerodayinitiative.com/advisories/ZDI-15-515/

http://www.zerodayinitiative.com/advisories/ZDI-15-521/

Secunia:

https://secunia.com/advisories/66843/


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 27 مهر 1394

امتیاز

امتیاز شما
تعداد امتیازها:0