SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe VBScript and JScript engines on the remote host are affected by multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist in the VBScript and JScript engines due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2015-2482, CVE-2015-6055)
- A security feature bypass vulnerability exists in the VBScript and JScript engines due to a failure to use Address Space Layout Randomization (ASLR). An attacker can exploit this to predict memory offsets in a call stack. (CVE-2015-6052)
- An information disclosure vulnerability exists in the VBScript and JScript engines due to improper handling of objects in memory. A remote attacker can exploit this to disclose the contents of memory. (CVE-2015-6059)
SolutionMicrosoft has released a set of patches for Windows Vista, 2008, and 2008 R2.