Multiple Integer Overflow Vulnerabilities in Microsoft's Scripting Engines
CVE-2011-0663

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Jscript
Vbscript
Vendor
CVE Published:
13 April 2011

Summary

Multiple vulnerabilities exist in Microsoft's JScript and VBScript engines, where integer overflows can occur due to improper handling of memory allocation. Attackers can exploit these vulnerabilities by crafting malicious web pages that, when accessed, could execute arbitrary code on the affected system. This flaw highlights the risks associated with improper input validation and memory management in scripting environments, posing a significant threat to users who may inadvertently visit the compromised sites.

References

http://www.vupen.com/english/advisories/2011/0949
vdb-entryx_refsource_VUPEN
http://osvdb.org/71774
vdb-entryx_refsource_OSVDB
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
third-party-advisoryx_refsource_CERT

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2011-0663 : Multiple Integer Overflow Vulnerabilities in Microsoft's Scripting Engines | SecurityVulnerability.io