Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-255: Vulnerability in VBScript and JScript Scripting Engines

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-255: Vulnerability in VBScript and JScript Scripting Engines
# 1  
Old 04-09-2008
S-255: Vulnerability in VBScript and JScript Scripting Engines
A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

6 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Spliting a line after 255 characters.

Hi Guys, I have a file which contains multiple lines. I need to split each line 255 characters and then I need to add call statement in the front and semi colon at the end. I/P: call sp_rebuildindex('aaa.aaa','column column column column column column column column column column ... (4 Replies)
Discussion started by: Booo
4 Replies

2. Shell Programming and Scripting

echo !SR | nc 255.255.2.2 80 - how to in XP?

Hi guys I am trying to interface with an old industrial scanner through an old PC with an old network card and a copy of Linux. It now needs to speak to a Windows XP machine, but I have no idea what the Windows equivalent of these functions would are: echo !1 | nc 255.255.2.2 80 echo ?2 | nc... (3 Replies)
Discussion started by: TonyG
3 Replies

3. Shell Programming and Scripting

sed limitation of 255 characters

Gurus, sed -e "s/\(.\{1,255\}\)\(.\{1,2\}\)\(.*\)/\1AB\3/" FILE ---this works sed -e "s/\(.\{1,468\}\)\(.\{1,2\}\)\(.*\)/\1AB\3/" FILE ---this does not It works only till 1,255 ( any number below 255 works) Any one know how to increase this limit. Thanks Sirababu (4 Replies)
Discussion started by: sirababu
4 Replies

4. Solaris

Exit status 255 on sftp

HI guys When i try SFTP to a machine using a user account whose entry in /etc/passwd as follows user:x:8005:508::/export/home/user:/bin/false and i am not placed my keys over there i am using the password option in the sftp Since the keys are not there it ask for the password ... (5 Replies)
Discussion started by: GIC1986
5 Replies

5. Programming

make[1] *** [libsupp.a] Error 255

I have searched google and these forums as well. I am trying to compile proftpd on a vanilla Solaris 10 server and I am getting an error when I try to 'make' Server - Solaris 10 update 4 Installed packages from sunfreeware.com autoconf-2.60-sol10-sparc-local... (2 Replies)
Discussion started by: jjsoladmin
2 Replies

6. Shell Programming and Scripting

I dont want to know any search engines

I just want to know where I can download it on this website plz (1 Reply)
Discussion started by: memattmyself
1 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

qaxscriptengine

QAxScriptEngine(3qt)													      QAxScriptEngine(3qt)

NAME

       QAxScriptEngine - Wrapper around a script engine

SYNOPSIS

       This class is part of the Qt ActiveQt Extension.

       #include <qaxscript.h>

       Inherits QAxObject.

   Public Members
       enum State { Uninitialized = 0, Initialized = 5, Started = 1, Connected = 2, Disconnected = 3, Closed = 4 }
       QAxScriptEngine ( const QString & language, QAxScript * script )
       ~QAxScriptEngine ()
       bool isValid () const
       bool hasIntrospection () const
       QString scriptLanguage () const
       State state () const
       void setState ( State st )
       void addItem ( const QString & name )
       long queryInterface ( const QUuid & uuid, void ** iface ) const

DESCRIPTION

       This class is defined in the Qt ActiveQt Extension, which can be found in the qt/extensions directory. It is not included in the main Qt
       API.

       The QAxScriptEngine class provides a wrapper around a script engine.

       Every instance of the QAxScriptEngine class represents an interpreter for script code in a particular scripting language. The class is
       usually not used directly. The QAxScript and QAxScriptManager classes provide convenient functions to handle and call script code.

       Direct access to the script engine is provided through queryInterface().

       Warning: This class is not available with the bcc5.5 and MingW compilers.

   Member Type Documentation
QAxScriptEngine::State
       The State enumeration defines the different states a script engine can be in.

       QAxScriptEngine::Uninitialized - The script has been created, but not yet initialized

       QAxScriptEngine::Initialized - The script has been initialized, but is not running

       QAxScriptEngine::Started - The script can execute code, but does not yet handle events

       QAxScriptEngine::Connected - The script can execute code and is connected so that it can handle events

       QAxScriptEngine::Disconnected - The script is loaded, but is not connected to event sources

       QAxScriptEngine::Closed - The script has been closed.

MEMBER FUNCTION DOCUMENTATION

QAxScriptEngine::QAxScriptEngine ( const QString & language, QAxScript * script )
       Constructs a QAxScriptEngine object interpreting script code in language provided by the code in script. This is usually done by the
       QAxScript class when loading a script.

       Instances of QAxScriptEngine should always have both a language and a script.

QAxScriptEngine::~QAxScriptEngine ()
       Destroys the QAxScriptEngine object, releasing all allocated resources.

void QAxScriptEngine::addItem ( const QString & name )
       Registers an item with the script engine. Script code can refer to this item using name.

bool QAxScriptEngine::hasIntrospection () const
       Returns TRUE if the script engine supports introspection; otherwise returns FALSE.

bool QAxScriptEngine::isValid () const
       Returns TRUE if the script engine has been initialized correctly; otherwise returns FALSE.

long QAxScriptEngine::queryInterface ( const QUuid & uuid, void ** iface ) const
       Requests the interface uuid from the script engine object and sets the value of iface to the provided interface, or to 0 if the requested
       interface could not be provided.

       Returns the result of the QueryInterface implementation of the COM object.

QString QAxScriptEngine::scriptLanguage () const
       Returns the scripting language, for example "VBScript", or "JScript".

void QAxScriptEngine::setState ( State st )
       Sets the state of the script engine to st. Calling this function is usually not necessary.

State QAxScriptEngine::state () const
       Returns the state of the script engine.

SEE ALSO

       http://doc.trolltech.com/qaxscriptengine.html http://www.trolltech.com/faq/tech.html

COPYRIGHT

       Copyright 1992-2007 Trolltech ASA, http://www.trolltech.com.  See the license file included in the distribution for a complete license
       statement.

AUTHOR

       Generated automatically from the source code.

BUGS

       If you find a bug in Qt, please report it as described in http://doc.trolltech.com/bughowto.html.  Good bug reports help us to help you.
       Thank you.

       The definitive Qt documentation is provided in HTML format; it is located at $QTDIR/doc/html and can be read using Qt Assistant or with a
       web browser. This man page is provided as a convenience for those users who prefer man pages, although this format is not officially
       supported by Trolltech.

       If you find errors in this manual page, please report them to qt-bugs@trolltech.com.  Please include the name of the manual page
       (qaxscriptengine.3qt) and the Qt version (3.3.8).

Trolltech AS							  2 February 2007					      QAxScriptEngine(3qt)