Computer Security

Microsoft Windows JavaScript engine memory corruption
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows JavaScript engine memory corruption
Published:09.09.2009
Source:MICROSOFT
SecurityVulns ID:10212
Type:client
Level:8/10
Description:Memory corruption on "arguments" keyword parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-045 - Critical Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) (09.09.2009)
 documentZDI, ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability (09.09.2009)
Files:Microsoft Security Bulletin MS09-045 - Critical: Vulnerability in JScript Scripting Engines could allow remote code execution
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server