MS16-003: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)
High Nessus Plugin ID 87879
SynopsisThe remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the VBScript engine due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or open a Microsoft Office document containing an embedded ActiveX control, resulting in execution of arbitrary code in the context of the current user.
SolutionMicrosoft has released a set of patches for Windows Vista, 2008, and Server Core 2008 R2. Alternatively, apply the workaround referenced in the vendor advisory.