PT-2003-1308 · Microsoft · Windows Script Engine For Jscript

Roland Postle

Publicado

2003-03-21

Atualizado

2019-04-30

CVE-2003-0010

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Windows Script Engine for JScript (JScript.dll) (affected versions not specified)

Description The issue is related to an integer overflow in the JsArrayFunctionHeapSort function. This allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value, enabling a heap-based buffer overflow attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-0010

Produtos afetados

Windows Script Engine For Jscript

PT-2003-1308 · Microsoft · Windows Script Engine For Jscript

CVE-2003-0010

Identificadores relacionados

Produtos afetados

Referências · 10