CVE-2014-0271

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 6 through 11 VBScript versions 5.6 through 5.8

Description The issue is related to the handling of objects in memory by the VBScript engine, allowing remote attackers to execute arbitrary code or cause memory corruption via a crafted web site. This could enable an attacker to gain control over an affected system, especially if the current user has administrative rights, potentially leading to the installation of programs, modification or deletion of data, and creation of new accounts with full user rights.

Recommendations For Internet Explorer versions 6 through 11, update to a version that includes the fix for this issue. For VBScript versions 5.6 through 5.8, consider disabling the VBScript engine until a patch is available. As a temporary workaround, restrict access to web sites that could potentially exploit this vulnerability. Avoid using Internet Explorer or VBScript for sensitive operations until the issue is resolved.