Описание
Windows Scripting Languages Remote Code Execution Vulnerability
FAQ
The CVE title says Windows Scripting Languages, what does that mean for this vulnerability?
This vulnerability impacts the JScript9 scripting language.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | ||
| Windows 7 for x64-based Systems Service Pack 1 | ||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Windows Server 2012 | ||
| Windows 8.1 for 32-bit systems | ||
| Windows 8.1 for x64-based systems | ||
| Windows Server 2012 R2 | ||
| Windows RT 8.1 | - | |
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Windows Scripting Languages Remote Code Execution Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.
Уязвимость динамически подключаемой библиотеки обработчика сценариев (jscript9.dll) операционной системы Windows, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3