MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
High Nessus Plugin ID 72434
SynopsisArbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
DescriptionThe installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper handling of objects in memory.
If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be leveraged to execute arbitrary code on the affected system, subject to the user's privileges.
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 2008 R2, 7, 8, 8.1, 2012, and 2012 R2.