A vulnerability in the VBScript engine component of Microsoft Windows could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.
Microsoft confirmed the vulnerability and released software updates.
Security Impact Rating: Medium