Oval Definition:	oval:org.cisecurity:def:468
Revision Date: 2016-05-27 Version: 38 Title: Scripting Engine Memory Corruption Vulnerability - CVE-2015-2493 (MS15-094) Description: The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-2493 Platform(s): Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Product(s): Microsoft JScript 5.8 Microsoft VBScript 5.8 Definition Synopsis Microsoft Internet Explorer 8 is installed AND vulnerable OS + vulnerable JScript/VBScript version Vista/2k8 + vulnerable file version Vista/2k8 Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed AND Check for vulnerable VBScript/Jscript version Check for vulnerable VBScript version Check if the version of VBScript.dll is less than 5.8.6001.19679 OR Check for vulnerable Jscript version Check if the version of Jscript.dll is less than 5.8.6001.19679 OR Win7/2k8 R2 + vulnerable file version Win7/2k8 R2 Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable VBScript/Jscript version Check for vulnerable file version Check if the version of VBScript.dll is less than 5.8.7601.18969 OR Check for vulnerable Jscript version Check if the version of Jscript.dll is less than 5.8.7601.18969
BACK