PT-2015-5427 · Microsoft · Internet Explorer+2

Published: 2015-05-12 · Updated: 2018-10-12 · CVE-2015-1686

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft VBScript versions 5.6 through 5.8
Microsoft JScript versions 5.6 through 5.8

Description

A security feature bypass exists in the JScript and VBScript engines, allowing attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism. This bypass does not allow arbitrary code execution on its own but can be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.

Recommendations

For Microsoft VBScript versions 5.6 through 5.8, consider disabling the use of these engines until a patch is available. For Microsoft JScript versions 5.6 through 5.8, restrict access to the JScript engine to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of scripts in Internet Explorer 8 through 11 to prevent potential attacks.

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-1686

Affected Products

Internet Explorer
JScript
VBScript