TITLE:
Microsoft JScript Scripting Engine Memory Corruption Vulnerability

SECUNIA ADVISORY ID:
SA36551

VERIFY ADVISORY:
http://secunia.com/advisories/36551/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by an unspecified error in the JScript
engine (JScript.dll) and can be exploited to corrupt memory when a
user, for example, visits a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.

NOTE: The vulnerability does not affect Windows Server 2008 R2 for
x64-based or Itanium-based systems.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4 with JScript 5.1 or JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=2bb3af8d-f36c-4497-9f48-fc59bcff2583

Windows XP SP2 with JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=0af373b2-2240-4079-a748-a38d1bc06f39

Windows XP SP2 with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=c933377d-e0bc-4334-bc75-029045d7a62a

Windows XP SP3 with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=c933377d-e0bc-4334-bc75-029045d7a62a

Windows XP SP2 (optionally with SP3) with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=992602d8-d857-41cf-b7b1-527afdc1dc0f

Windows XP Professional x64 Edition SP2 with JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=0d671004-da4e-4dbd-a066-861b53b0c59c

Windows XP Professional x64 Edition SP2 with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=9aae426d-ee9a-4736-b0a2-e0f8890a6895

Windows XP Professional x64 Edition SP2 with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=00bae02a-64eb-4b91-965f-da2dc987a2ff

Windows Server 2003 SP2 with JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=6acc9d2d-b71f-4b5c-9aea-b217b6ae240b

Windows Server 2003 SP2 with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=6af5d034-fd89-42e2-bc18-d44b7a6b0a85

Windows Server 2003 SP2 with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=ecf9f7e2-3104-4de2-8b3d-99dcdcae6e62

Windows Server 2003 x64 Edition SP2 with JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=d0de3ab1-73e9-4a09-841f-81ade41a8c81

Windows Server 2003 x64 Edition SP2 with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=8f48bc05-ffac-4a21-8d21-dd20355cda8a

Windows Server 2003 x64 Edition SP2 with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=643f9e2f-2e5b-48dd-b1a0-22ccb633ed18

Windows Server 2003 with SP2 for Itanium-based Systems with JScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=e78cf021-54f5-4526-b5f0-f781aebf9d72

Windows Server 2003 with SP2 for Itanium-based Systems with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=fb1ca290-cea4-49c0-a37e-613a654bff3c

Windows Vista (optionally with SP1 or SP2) with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=bcb12e57-f5d6-4b4e-88ab-13c28137f11a

Windows Vista (optionally with SP1 or SP2) with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=80e7390f-df39-4d99-b2e1-01c7f6a951bb

Windows Vista x64 Edition (optionally with SP1 or SP2) with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=8b1b76d5-a6b0-4c2f-8768-e55e82c2c118

Windows Vista x64 Edition (optionally with SP1 or SP2) with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=24457cdd-1973-40c9-9c2d-c1a75fdfa7fa

Windows Server 2008 for 32-bit Systems (optionally with SP2) with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=df88e6e5-78d3-4fa6-858d-b935d812cada

Windows Server 2008 for 32-bit Systems (optionally with SP2) with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=e7b07be6-a4f8-4847-9c55-9b3d2965fa77

Windows Server 2008 for x64-based Systems (optionally with SP2) with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=f584f8ca-f6b1-4285-a44c-3df5e51e75de

Windows Server 2008 for x64-based Systems (optionally with SP2) with JScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=9eddbb89-4178-49c2-836a-2d292fe50936

Windows Server 2008 for Itanium-based Systems (optionally with SP2) with JScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=b84fca1d-914d-45af-a48c-d9bc5d20c6b7

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Wushi of team509, working with Zero Day Initiative.

ORIGINAL ADVISORY:
MS09-045 (KB971961):
http://www.microsoft.com/technet/security/Bulletin/MS09-045.mspx