Vigil@nce: Windows, IE, information disclosure via JScript/VBScript
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to see an HTML page containing
JScript/VBScript code reading a memory fragment.
– Severity: 2/4
– Creation date: 09/02/2011
IMPACTED PRODUCTS
– Microsoft Internet Explorer
– Microsoft Windows 2008
– Microsoft Windows 7
DESCRIPTION OF THE VULNERABILITY
The JScript/VBScript engine interprets the JavaScript/VisualBasic
code contained in HTML pages.
A special JavaScript/VisualBasic code creates a memory processing
error in these engines. Technical details are unknown.
An attacker can therefore invite the victim to see an HTML page
containing JScript/VBScript code reading a memory fragment.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-IE-information-disclosure-via-JScript-VBScript-10347