Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows JavaScript engine memory corruption
Published:09.09.2009
Source:
SecurityVulns ID:10212
Type:client
Threat Level:
8/10
Description:Memory corruption on "arguments" keyword parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability.")
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS09-045 - Critical Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) (09.09.2009)
 documentZDI, ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability (09.09.2009)
Files:Microsoft Security Bulletin MS09-045 - Critical: Vulnerability in JScript Scripting Engines could allow remote code execution

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod