The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=120845064910729&w=2 - | |
References | () http://secunia.com/advisories/29712 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/28551 - Patch | |
References | () http://www.securitytracker.com/id?1019799 - | |
References | () http://www.us-cert.gov/cas/techalerts/TA08-099A.html - US Government Resource | |
References | () http://www.vupen.com/english/advisories/2008/1146/references - Vendor Advisory | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-022 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5495 - |
Information
Published : 2008-04-08 23:05
Updated : 2024-11-21 00:41
NVD link : CVE-2008-0083
Mitre link : CVE-2008-0083
CVE.ORG link : CVE-2008-0083
JSON object : View
Products Affected
microsoft
- windows_2003_server
- windows_xp
- windows_2000
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')