CVE-2011-0663 : Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2)

Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

Published 2011-04-13 18:55:02

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2011-0663

Microsoft » Jscript » Version: 5.6
cpe:2.3:a:microsoft:jscript:5.6:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Jscript » Version: 5.7
cpe:2.3:a:microsoft:jscript:5.7:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Itanium Edition
When used together with: Microsoft » Windows Server 2008 » X32 Edition
When used together with: Microsoft » Windows Server 2008 » X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Jscript » Version: 5.8
cpe:2.3:a:microsoft:jscript:5.8:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows 7 » Version: N/A
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X64 Edition
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X86 Edition
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » X32 Edition
When used together with: Microsoft » Windows Server 2008 » X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 X64 Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Vbscript » Version: 5.6
cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Vbscript » Version: 5.7
cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Itanium Edition
When used together with: Microsoft » Windows Server 2008 » X32 Edition
When used together with: Microsoft » Windows Server 2008 » X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 Itanium Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
Microsoft » Vbscript » Version: 5.8
cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2003 Server » Update SP2
When used together with: Microsoft » Windows 7 » Version: N/A
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X64 Edition
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1 X86 Edition
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » X32 Edition
When used together with: Microsoft » Windows Server 2008 » X64 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X32 Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Version: R2 X64 Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Update SP3
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition

Exploit prediction scoring system (EPSS) score for CVE-2011-0663

EPSS FAQ

22.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-0663

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-21
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2011-0663

CWE-189

Assigned by: nvd@nist.gov (Primary)
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2011-0663

http://www.securityfocus.com/bid/47249

Microsoft VBScript And JScript Scripting Engines Remote Code Execution Vulnerability
http://www.securitytracker.com/id?1025333

Microsoft JScript and VBScript Engine Integer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://www.us-cert.gov/cas/techalerts/TA11-102A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031

Microsoft Security Bulletin MS11-031 - Critical | Microsoft Docs
http://secunia.com/advisories/44162

Sign in
http://osvdb.org/71774
http://www.vupen.com/english/advisories/2011/0949

Webmail | OVH- OVH
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673

Repository / Oval Repository

Jump to

Vulnerability Details : CVE-2011-0663

Products affected by CVE-2011-0663

Exploit prediction scoring system (EPSS) score for CVE-2011-0663

CVSS scores for CVE-2011-0663

CWE ids for CVE-2011-0663

References for CVE-2011-0663