Oval Definition:oval:org.mitre.oval:def:28938
Revision Date:2015-12-22Version:43
Title:VBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066)
Description:vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-2372
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft VBScript 5.6
Microsoft VBScript 5.7
Microsoft VBScript 5.8
Definition Synopsis
  • VBScript 5.6 and 2K3 vulnerable version
  • vbscript.dll 5.6 or later is installed
  • AND 2K3 + vulnerable file version
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of VBScript.dll is less than 5.6.0.8856
  • AND Internet Explorer 6 (any patch level) is installed
  • OR VBScript 5.7 and 2K3/Vista/2k8 vulnerable version
  • Vbscript.dll 5.7 or later is installed
  • AND 2K3/Vista/2k8 vulnerable version
  • 2k3 and vulnerable file version
  • 2K3
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of VBScript.dll is less than 5.7.6002.23712
  • OR Vista / 2k8 and vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for vulnerable version
  • Check if the version of VBScript.dll is less than 5.7.6002.19405
  • AND Internet Explorer 7 is installed
  • OR Vbscript.dll 5.8 and vul version
  • Vbscript.dll 5.8 or later is installed
  • AND 2k8/Win7/2k8 R2/Win 8/Win 8.1/Win 2k12/Win 2k12 R2 vulnerable version
  • VBScript 5.8 and 2K3/Vista/2k8/Win7/2k8 R2 + IE 8 vulnerable version
  • 2K3/Vista/2K8/Win7/R2 + VBScript 5.8 + vulnerable version
  • Internet Explorer 8 is installed
  • OR Vista/2k8/Win7/R2 and IE 9 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND Check for vulnerable version
  • Check if the version of vbscript.dll is less than 5.8.7601.17174
  • AND Internet Explorer 9 is installed
  • OR Win7/R2/Win8/2k12 and IE 10 + vulnerable file version
  • Check if Microsoft Internet Explorer 10 is installed
  • AND Win7/R2/Win8/2k12 + VBScript 5.8 + vulnerable version
  • OR Win7/2k8 R2/Win8.1/2k12 R2 and IE 11 + vulnerable file version
  • Win7/2k8 R2/Win8.1/2k12 R2 and vulnerable file version
  • Check if Microsoft Internet Explorer 11 is installed
    • BACK