Vulnerability Name: | CVE-2008-0083 (CCN-40056) | ||||||||
Assigned: | 2008-04-08 | ||||||||
Published: | 2008-04-08 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-94 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2008-0083 Source: HP Type: UNKNOWN SSRT080048 Source: CCN Type: SA29712 Microsoft VBScript/JScript Script Decoding Buffer Overflow Source: SECUNIA Type: Vendor Advisory 29712 Source: CCN Type: SECTRACK ID: 1019799 Windows VBScript and JScript Scripting Engine Bug Lets Remote Users Execute Arbitrary Code Source: CCN Type: ASA-2008-158 MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) Source: CCN Type: NORTEL BULLETIN ID: 2008008771, Rev 1 Nortel Response to Microsoft Security Bulletin MS08-022 Source: CCN Type: NORTEL BULLETIN ID: 2008008788, Rev 1 Centrex IP Client Manager (CICM) response to Microsoft April security bulletin Source: CCN Type: Microsoft Security Bulletin MS08-022 Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338) Source: BID Type: Patch 28551 Source: CCN Type: BID-28551 Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1019799 Source: CERT Type: US Government Resource TA08-099A Source: VUPEN Type: Vendor Advisory ADV-2008-1146 Source: MS Type: UNKNOWN MS08-022 Source: XF Type: UNKNOWN win-vbscript-jscript-code-execution(40056) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5495 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |