1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Microsoft Windows VBScript Engine CVE-2019-0667

Web Attack: Microsoft Windows VBScript Engine CVE-2019-0667

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.

Additional Information

Microsoft Windows VBScript Engine is prone to a remote memory-corruption vulnerability because it fails to properly handles objects in memory. This may allow attackers to embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine.

Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Affected

  • Microsoft Windows

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube