CVE-2015-6135

Name of the Vulnerable Software and Affected Versions Microsoft VBScript versions 5.7 and 5.8 Microsoft JScript versions 5.7 and 5.8

Description The issue allows remote attackers to obtain sensitive information from process memory via a crafted web site. An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the issue, an attacker must know the memory address of where the object was created.

Recommendations For Microsoft VBScript version 5.7, update to a version that fixes the information disclosure vulnerability. For Microsoft VBScript version 5.8, update to a version that fixes the information disclosure vulnerability. For Microsoft JScript version 5.7, update to a version that fixes the information disclosure vulnerability. For Microsoft JScript version 5.8, update to a version that fixes the information disclosure vulnerability. As a temporary workaround, consider restricting access to the CreateObject function until a patch is available.