TITLE:
Microsoft Windows JScript and VBScript Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
http://secunia.com/advisories/44162/

Criticality level: Highly critical
Impact: System access
Where: From remote

Operating Systems:
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error when the scripting engine reallocates memory while decoding a script. This can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

ORIGINAL ADVISORY:
MS11-031 (KB2510531, KB2510581, KB2510587):
http://www.microsoft.com/technet/security/Bulletin/MS11-031.mspx
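
The bug class named in the description (an integer overflow in a size computation ahead of a reallocation), shown beside its checked form as an added C example; it is not part of the advisory and is not Microsoft's code. The struct, the function names and the 32-bit size type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable decode buffer (names are illustrative only). */
struct decode_buf {
    unsigned char *data;
    uint32_t len;   /* bytes in use */
    uint32_t cap;   /* bytes allocated */
};

/* Unchecked pattern: len + extra wraps modulo 2^32, so the size handed to
 * the allocator can be far smaller than the data later copied in. */
static uint32_t unchecked_new_size(uint32_t len, uint32_t extra)
{
    return len + extra;
}

/* Checked pattern: 0 and *out set on success, -1 if the sum would wrap. */
static int checked_new_size(uint32_t len, uint32_t extra, uint32_t *out)
{
    if (extra > UINT32_MAX - len)
        return -1;
    *out = len + extra;
    return 0;
}

/* Append n decoded bytes, growing the buffer; fails closed on overflow. */
static int decode_buf_append(struct decode_buf *b, const unsigned char *src,
                             uint32_t n)
{
    uint32_t need;
    if (n == 0)
        return 0;
    if (checked_new_size(b->len, n, &need) != 0)
        return -1;              /* reject before touching memory */
    if (need > b->cap) {
        unsigned char *p = realloc(b->data, need);
        if (p == NULL)
            return -1;          /* old buffer is still valid */
        b->data = p;
        b->cap = need;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 0;
}
```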