KLA10719 Multiple vulnerabilities in Microsoft VBScript

2015-12-0800:00:00

Kaspersky Lab

threats.kaspersky.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.951 High

EPSS

Percentile

99.3%

JSON

Memory handling vulnerabilities were found in Microsoft VBScript. By exploiting these vulnerabilities malicious users can execute arbitrary code or obtain sensitive information. These vulnerabilities can be exploited remotely via a specially designed web site.

Original advisories

CVE-2015-6135

CVE-2015-6136

Related products

Microsoft-VBScript-engine

CVE list

CVE-2015-6135 critical

CVE-2015-6136 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.