Oval Definition:oval:org.mitre.oval:def:12673
Revision Date:2015-08-10Version:58
Title:Scripting Memory Reallocation Vulnerability
Description:Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-0663
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):JScript 5.6
JScript 5.7
JScript 5.8
VBScript 5.6
VBScript 5.7
VBScript 5.8
Definition Synopsis
  • JScript 5.6 on Windows XP, Windows Server 2003
  • Windows XP, Windows Server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND JScript 5.6 is installed
  • AND the version of Jscript.dll is less than 5.6.0.8850
  • OR JScript 5.7 on Windows XP, Windows Server 2003
  • Windows XP, Windows Server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND JScript 5.7 is installed
  • AND the version of Jscript.dll is less than 5.7.6002.22589
  • OR JScript 5.7 on Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND JScript 5.7 is installed
  • AND GDR or LDR Service branch
  • the version of Jscript.dll is less than 5.7.0.18599
  • OR LDR
  • the version of Jscript.dll is less than 5.7.0.22854
  • AND the version of Jscript.dll is greater than or equal to 5.7.0.22000
  • OR JScript 5.7 on Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND JScript 5.7 is installed
  • AND GDR or LDR Service branch
  • the version of Jscript.dll is less than 5.7.6002.18405
  • OR LDR
  • the version of Jscript.dll is less than 5.7.6002.22589
  • AND the version of Jscript.dll is greater than or equal to 5.7.6002.22000
  • OR JScript 5.8 on Windows XP, Windows Server 2003
  • Windows XP, Windows Server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND JScript 5.8 is installed
  • AND the version of Jscript.dll is less than 5.8.6001.23141
  • OR JScript 5.8 on Windows Vista, Windows Server 2008, not vulnerable on IE9
  • NOT Microsoft Internet Explorer 9 is installed
  • AND Windows Vista, Windows Server 2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND JScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Jscript.dll is less than 5.8.6001.19046
  • OR LDR
  • the version of Jscript.dll is less than 5.8.6001.23141
  • AND the version of Jscript.dll is greater than or equal to 5.8.6002.23000
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium, not vulnerable on IE9
  • NOT Microsoft Internet Explorer 9 is installed
  • AND Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND JScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Jscript.dll is less than 5.8.7600.16762
  • OR LDR
  • the version of Jscript.dll is less than 5.8.7600.20904
  • AND the version of Jscript.dll is greater than or equal to 5.8.7600.20000
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium, not vulnerable on IE9
  • NOT Microsoft Internet Explorer 9 is installed
  • AND Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND JScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Jscript.dll is less than 5.8.7601.17562
  • OR LDR
  • the version of Jscript.dll is less than 5.8.7601.21663
  • AND the version of Jscript.dll is greater than or equal to 5.8.7601.21000
  • OR Vbscript 5.6 on Windows XP, Windows Server 2003
  • Windows XP, Windows Server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND OS section
  • VBScript 5.6 is installed
  • OR VBScript 5.1 is installed
  • AND Vbscript.dll version is less than 5.6.0.8850
  • OR Vulnerable VBScript 5.7 on XP, Server 2003
  • Vulnerable VBScript 5.7 on XP, Server 2003
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND VBScript 5.7 is installed
  • AND Vbscript.dll version is less than 5.7.6002.22589
  • OR VBScript 5.7 on Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND VBScript 5.7 is installed
  • AND GDR or LDR Service branch
  • the version of Vbscript.dll is less than 5.7.0.18599
  • OR LDR
  • the version of Vbscript.dll is less than 5.7.0.22854
  • AND the version of Vbscript.dll is greater than or equal to 5.7.0.22000
  • OR JScript 5.7 on Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • JScript 5.7 on Windows Vista x86/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND VBScript 5.7 is installed
  • AND GDR or LDR Service branch
  • the version of Vbscript.dll is less than 5.7.6002.18405
  • OR LDR
  • the version of Vbscript.dll is less than 5.7.6002.22589
  • AND the version of Vbscript.dll is greater than or equal to 5.7.6002.22000
  • OR VBScript 5.8 on XP, Server 2003
  • XP, Server 2003
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND VBScript 5.8 is installed
  • AND Vbscript.dll version is less than 5.8.6001.23141
  • OR Vbscript 5.8 on Windows Vista, Windows Server 2008
  • Windows Vista, Windows Server 2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND VBScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Vbscript.dll is less than 5.8.6001.19046
  • OR LDR
  • the version of Vbscript.dll is less than 5.8.6001.23141
  • AND the version of Vbscript.dll is greater than or equal to 5.8.6002.23000
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND VBScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Vbscript.dll is less than 5.8.7600.16762
  • OR LDR
  • the version of Vbscript.dll is less than 5.8.7600.20904
  • AND the version of Vbscript.dll is greater than or equal to 5.8.7600.20000
  • OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium, not vulnerable on IE9
  • NOT Microsoft Internet Explorer 9 is installed
  • AND Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND VBScript 5.8 is installed
  • AND GDR or LDR Service branch
  • the version of Vbscript.dll is less than 5.8.7601.17562
  • OR LDR
  • the version of Vbscript.dll is less than 5.8.7601.21663
  • AND the version of Vbscript.dll is greater than or equal to 5.8.7601.21000
    • BACK