Flaw in Windows Script Engine New
A security vulnerability exists in the Windows Script Engine (WSH) on most versions of Windows that could allow a malicious web page operator to execute the code of their choice on the local machine.
Issue
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript.
A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker’s choice with the user’s privileges. The web page could be hosted on a web site, or sent directly to the user in email.
Affected Products
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Me
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
Download
Software patches are available from the following locations:
- Microsoft Windows 98 and Second Edition
- Microsoft Windows Me
- Microsoft Windows NT 4.0 and Terminal Server Edition
- Microsoft Windows 2000 and XP
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: March 21, 2003
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
 |
 |
|
More Guides » | Registry Guide | Support Forums | Software Guide | Scripting Guide | Search |  | |
