Microsoft Windows VBScript and JScript engines code execution (MS_Encoded_Script_Overflow)

About this signature or vulnerability

Proventia Server IPS for Microsoft Windows technology, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, BlackICE Server Protection, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor:

This signature detects malicious VBScript and JScript encodings that may allow code execution on vulnerable Windows systems.


Default risk level

High

Sensors that have this signature

Proventia Server IPS for Microsoft Windows technology: 2.0.252.2190, Proventia Server IPS for Microsoft Windows technology: 1.0.914.2190, Proventia Network MFS: XPU 28.050, Proventia-G 1.1 and earlier: XPU 28.050, Proventia Network IPS: XPU 28.050, Proventia Desktop: 2190, Proventia Server IPS for Linux technology: 28.050, BlackICE Server Protection: 3.6.cqy, BlackICE PC Protection: 3.6cqy, RealSecure Network: XPU 28.050, RealSecure Server Sensor: XPU 28.050

Systems affected

Microsoft Windows XP: SP2, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft VBScript: 5.6, Microsoft Windows XP: SP2 x64-Professional, Microsoft VBScript: 5.1, Microsoft Windows 2003 Server: SP2 Itanium, Microsoft Windows 2003 Server: SP2 x64, Microsoft Windows 2003 Server: SP2, Microsoft JScript: 5.1, Microsoft JScript: 5.6, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Windows XP: x64-Professional, Microsoft Windows 2003 Server: SP1

Type

Unauthorized Access Attempt

Vulnerability description

The Microsoft Windows VBScript (VBScript.dll) and JScript (JScript.dll) scripting engines could allow a remote attacker to execute arbitrary code on the system because of a flaw in how they decode scripts within a Web page. A remote attacker could exploit this vulnerability by persuading a victim to visit a malicious Web page.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-022. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Microsoft Security Bulletin MS08-022
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx

NORTEL BULLETIN ID: 2008008771, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-022
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=714148

NORTEL BULLETIN ID: 2008008788, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft April security bulletin
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=716807

ISS X-Force
Microsoft Windows VBScript and JScript engines code execution
http://www.iss.net/security_center/static/40056.php

CVE
CVE-2008-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0083