Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability

ID ZDI-15-521
Type zdi
Reporter Anonymous
Modified 2015-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The vulnerability relates to the Filter function in VBScript. By passing unexpected arguments to this function, an attacker can cause an integer to be incorrectly interpreted as a pointer to an object in memory. An attacker can leverage this vulnerability to execute code under the context of the current process.