Signature Detail

HTTP: Internet Explorer JScript/VBScript Decoding Overflow

This signature detects Web pages containing dangerous scripts. A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

Extended Description

Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim. These versions are affected: VBScript 5.6 and earlier JScript 5.6 and earlier

Affected Products

• HP Storage Management Appliance 2.1
• Microsoft JScript 5.1
• Microsoft JScript 5.6
• Microsoft VBScript 5.1
• Microsoft VBScript 5.6
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T

References

• BugTraq: 28551
• CVE: CVE-2008-0083