JScript 5.6 Security Patch for Windows 98, Me and NT 4.0 (814078)

Brief Description

An attacker may exploit a vulnerability in Windows Script Engine by constructing a Web page that, when visited by a user, runs code of the attacker’s choice with user credentials. The attacker can host the Web page on a Web site or send the page directly to the user by e-mail.

Overview

A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a Web page that, when visited by the user, would execute code of the attacker’s choice with user privileges. The Web page could be hosted on a Web site, or sent directly to the user in email. For more information, see Knowledge Base Article 814078.

Top of page

System Requirements

Supported Operating Systems: Windows 98; Windows ME; Windows NT

Top of page

Instructions

The update available from this page is for JScript 5.6 on Windows 98, Me and NT 4.0. To determine which version of JScript is on your machine:

Open the Windows Explorer

Navigate to the \windows\system32 directory or the \windows\system directory on Windows 98 installations

Right click on jscript.dll and choose "Properties"

Choose the "Version" tab

The version will be the first line of information. For example, after this patch is installed it will be 5.6.0.8513. If your version is 5.1 or 5.5, please use the appropriate link under Related Resources on the right side of this page.

To download and install this patch:

Click the Download link to start the download, or choose a different language from the drop-down list and click Go.
Do one of the following:

To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk.

Top of page