Microsoft JScript And VBScript Scripting Engines Information Disclosure Vulnerability (2475792) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-009.

Impact

Successful exploitation will allow remote attackers to gain access to sensitive information that may aid in further attacks. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-009

Insight

The flaw is caused by a memory corruption error in the JScript and VBScript scripting engines when processing scripts in Web pages.

Affected

Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/43249/
http://technet.microsoft.com/en-us/security/bulletin/ms11-009
http://www.vupen.com/english/advisories/2011/0322

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0031
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft Active Directory Federation Services Information Disclosure Vulnerability (2873872)
Microsoft Group Policy Preferences Privilege Elevation Vulnerability (2962486)
Microsoft RDP flaws could allow sniffing and DOS(Q324380)
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)

Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)

Take action and discover your vulnerabilities