Microsoft Warns of New Windows Flaw
The flaw lies in the Windows Script Engine for Jscript, which enables the operating system to execute script code.Microsoft Corp. has released a patch for a critical vulnerability in every version of Windows from 98 forward. The flaw lies in the Windows Script Engine for Jscript, which enables the operating system to execute script code. The engine incorrectly processes the script and does not correctly size a buffer during a memory operation. As a result, an attacker could cause a buffer overflow and execute code of his choice on a vulnerable machine. In order to exploit this problem, the attacker would either need to construct a Web page that contains the malicious code and lure a user to the page or send the user an HTML mail message with the code included.
Any code the attacker is able to execute on the users machine would run with the users privileges.
Find white papers on security.