CVE-2016-0002

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 8 through 11 VBScript versions 5.7 and 5.8 JScript versions 5.7 and 5.8

Description The issue is related to the handling of objects in memory by the VBScript engine in Internet Explorer, allowing remote attackers to execute arbitrary code via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the issue could take control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Internet Explorer versions 8 through 11, update the VBScript and JScript engines to a non-vulnerable version. For VBScript versions 5.7 and 5.8, consider disabling the scripting engine until a patch is available. For JScript versions 5.7 and 5.8, restrict access to the scripting engine to minimize the risk of exploitation.