PT-2015-5425 · Microsoft · Vbscript+1

Published: 2015-05-12 · Updated: 2018-10-12 · CVE-2015-1684

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft VBScript versions 5.6 through 5.8

Description: A security feature bypass exists in the VBScript engine, allowing an attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism. This bypass does not allow arbitrary code execution on its own but could be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. The issue arises when the VBScript engine fails to utilize the ASLR security feature, enabling an attacker to more accurately predict memory offsets of specific instructions in a given call stack.

Recommendations: For Microsoft VBScript versions 5.6 through 5.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-1684
ZDI-15-183

Affected Products

Internet Explorer
Vbscript