MS16-086: Cumulative Security Update for JScript and VBScript (3169996)
High Nessus Plugin ID 92017
SynopsisThe remote Windows host is affected by a remote code execution vulnerability.
DescriptionThe remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the JScript and VBScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a Microsoft Office document containing an embedded ActiveX control, to corrupt memory, resulting in the execution of arbitrary code in the context of the current user.
SolutionMicrosoft has released a set of patches for Windows Vista, 2008, Server Core 2008, and Server Core 2008 R2. Alternatively, apply the workaround referenced in the vendor advisory.