Oval Definition:oval:org.mitre.oval:def:6316
Revision Date:2015-08-10Version:49
Title:JScript Remote Code Execution Vulnerability
Description:The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1920
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):JScript Scripting Engine
Definition Synopsis
  • JScript Scripting Engine is installed
  • AND
  • JScript 5.1 or JScript 5.6 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND JScript section
  • JScript 5.6 is installed
  • OR JScript 5.1 is installed
  • AND the version of Jscript.dll is less than 5.6.0.8837
  • OR JScript 5.6 on Windows XP, Windows Server 2003
  • Windows XP 32-bit/x64, Windows Server 2003 x86/x64/ia64
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND JScript 5.6 is installed
  • AND the version of Jscript.dll is less than 5.6.0.8837
  • OR Vulnerable JScript 5.7
  • JScript 5.7 is installed
  • AND Windows XP, Windows Server 2003
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND the version of Jscript.dll is less than 5.7.6002.22145
  • AND Windows Vista 32-bit/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for LDR/GDR
  • the version of Jscript.dll is less than 5.7.0.16865
  • OR Check for LDR
  • Check if version of jscript.dll is greater than or equal to 5.7.0.20000
  • AND Check if version of jscript.dll is less than 5.7.0.21061
  • AND Windows Vista 32/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for LDR/GDR
  • the version of Jscript.dll is less than 5.7.0.18266
  • OR Check for LDR
  • Check if the version is greater than or equal to 5.7.0.22000 (jscript)
  • AND Check if version of jscript.dll is less than 5.7.0.22443
  • AND Windows Vista 32-bit/x64, Windows Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Check for LDR/GDR
  • the version of Jscript.dll is less than 5.7.6002.18045
  • OR Check for LDR
  • Check if the version is greater than or equal to 5.7.6002.22000 (jscript)
  • AND Check if version of jscript.dll is less than 5.7.6002.22146
  • OR Vulnerable JScript 5.8
  • JScript 5.8 is installed
  • AND Windows XP, Windows Server 2003 x86/x64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND the version of Jscript.dll is less than 5.8.6001.22886
  • OR JScript 5.8 on Windows Vista, Windows Server 2008
  • Windows Vista, Windows Server 2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for LDR/GDR
  • the version of Jscript.dll is less than 5.8.6001.18795
  • OR Check for LDR
  • Check if version of jscript.dll is greater than or equal to 5.8.6001.22000
  • AND the version of Jscript.dll is less than 5.8.6001.22886
    • BACK