PT-2003-1308 · Microsoft · Windows Script Engine For Jscript

Roland Postle

Published

2003-03-21

Updated

2019-04-30

CVE-2003-0010

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Windows Script Engine for JScript (JScript.dll) (affected versions not specified)

Description The issue is related to an integer overflow in the JsArrayFunctionHeapSort function. This allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value, enabling a heap-based buffer overflow attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0010

Affected Products

Windows Script Engine For Jscript

PT-2003-1308 · Microsoft · Windows Script Engine For Jscript

CVE-2003-0010

Related Identifiers

Affected Products

References · 10