Remote Code Execution Vulnerability in Microsoft VBScript and JScript Engines
CVE-2016-0002

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Jscript
Vbscript
Vendor
CVE Published:
13 January 2016

Summary

The Microsoft VBScript and JScript engines, utilized across various versions of Internet Explorer, are susceptible to a memory corruption vulnerability that could potentially allow an attacker to execute arbitrary code. This occurs when a user visits a specially crafted website, leading to possible unauthorized access or control over the affected system. A patch is recommended to mitigate the risks associated with this vulnerability and ensure the security of users' devices.

References

http://www.securitytracker.com/id/1034650
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1034648
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.