S-255: Vulnerability in VBScript and JScript Scripting Engines


 
04-09-2008

A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.


RATS(1)                     General Commands Manual                     RATS(1)

NAME
       rats - Rough Auditing Tool for Security

SYNOPSIS
       rats [options] [file]...

DESCRIPTION
       rats is a rough auditing tool for security developed by Secure
       Software, Inc. It is a tool for scanning C, Perl, PHP, and Python
       source code and flagging common security-related programming errors
       such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race
       conditions.

       As its name implies, the tool performs only a rough analysis of source
       code. It will not find every error and will also find things that are
       not errors. Manual inspection of your code is still necessary, but
       greatly aided with this tool.

       When started, RATS will scan each file or each file in the directory
       specified on the command line and produce a report when scanning is
       complete. What vulnerabilities are reported in the final report depends
       on the data contained in the vulnerability database or databases that
       are used and the warning level in use. For each vulnerability, the list
       of files and line numbers where it occurred is given, followed by a
       brief description of the vulnerability and suggested action.

OPTIONS
       -h, --help
              Displays a brief usage summary and exits.

       -a <fun>
              Report any occurrence of function 'fun' in the source file(s).

       -d <filename>, --database <filename>, --db <filename>
              Specifies a vulnerability database to be loaded. You may have
              multiple -d options and each database specified will be loaded.

       -i, --input
              Causes a list of function calls that were used which accept
              external input to be produced at the end of the vulnerability
              report.

       -l <lang>, --language <language>
              Force the specified language to be used regardless of filename
              extension. Currently valid language names are "c", "perl",
              "php" and "python".

       -r, --references
              Causes references to vulnerable function calls that are not
              being used as calls themselves to be reported.

       -w <level>, --warning <level>
              Sets the warning level. Valid levels are 1, 2 or 3. 1 includes
              only default and high severity. 2 includes medium severity
              (default). 3 includes low severity vulnerabilities.

       -x     Causes the default vulnerability databases (which are in the
              installation data directory, /usr/share/rats by default) to not
              be loaded.

       -R, --no-recurssion
              Do not recurse subdirectories when encountered.

       --xml  Output in XML.

       --html Output in HTML.

       --follow-symlinks
              Follow symlinks and treat them like whatever they are pointing
              to. If the symlink points to a directory it will be descended
              into unless -R is specified; if pointing to a file, it will be
              treated as a file.

AUTHOR
       This manual page was originally written by Adam Lazur
       <adam@lazur.org>, for the Debian GNU/Linux system (but may be used by
       others). Modified by Secure Software, Inc.

                               September 17, 2001                       RATS(1)
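
The rough, database-driven scan described in DESCRIPTION, with the -w warning levels from OPTIONS, can be sketched as follows. This is an added illustration and not RATS source code: the three database entries, their advice text, the function names and the sample C file are all constructed for the example, and the real tool's databases and matching are more extensive.

```python
import re
from collections import defaultdict

# Constructed mini-database (not RATS's shipped data): function -> (severity, advice).
DATABASE = {
    "strcpy": ("high", "unbounded copy; check the destination size"),
    "access": ("medium", "TOCTOU race; open the file, then check the descriptor"),
    "getenv": ("low", "external input; validate before use"),
}
# Severities included at each warning level, as OPTIONS describes for -w.
LEVELS = {1: {"high"}, 2: {"high", "medium"}, 3: {"high", "medium", "low"}}

CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Comments and string literals: blanked so names inside them are not reported.
NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)

def blank(match):
    # Keep newlines so line numbers stay correct after blanking.
    return re.sub(r"[^\n]", " ", match.group(0))

def scan(sources, level=2):
    """Return {function: [(filename, line), ...]} for calls reported at `level`."""
    report = defaultdict(list)
    for name, text in sources.items():
        cleaned = NOISE.sub(blank, text)
        for m in CALL.finditer(cleaned):
            func = m.group(1)
            if func in DATABASE and DATABASE[func][0] in LEVELS[level]:
                line = cleaned.count("\n", 0, m.start()) + 1
                report[func].append((name, line))
    return dict(report)

# Constructed sample input: one C file held in memory.
SAMPLE = {"demo.c": '''#include <string.h>
/* strcpy(a, b) in a comment must not be reported */
void f(char *dst, const char *src, const char *path) {
    if (access(path, 4) == 0)
        strcpy(dst, src);
    const char *msg = "call strcpy(x) here";
    const char *home = getenv("HOME");
}
'''}

if __name__ == "__main__":
    for func, hits in scan(SAMPLE, level=3).items():
        severity, advice = DATABASE[func]
        print(f"{func} [{severity}]: {advice}")
        for filename, line in hits:
            print(f"  {filename}:{line}")
```

As with the tool itself, a pattern match of this kind both misses real defects and reports calls that are safe in context, so its output is a starting point for manual review.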