VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability http://bit.ly/377yB6D
Replying to @USCERT_gov
At https://kb.cert.org/vuls/id/338824/ you indicate IE9/10/11 "uses Jscript9.dll which is not impacted... only affects certain websites that utilize jscript" But would a malicious site built specifically to exploit this be able to force the use of jscript? cc: @wdormann, @msftsecresponse
"By default" is the key phrase that you omitted. Yes, a website can choose to use the legacy jscript.dll, which is the problem here.
Thanks so much for the quick response. I assumed this was the case, but appreciate the clarification.
No problem. I've updated the wording in the CERT vulnerability note to make this distinction more clear.