Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MS08-022: Vulnerability in the VBScript and JScript scripting engines could allow remote code execution

MS08-022: Vulnerability in the VBScript and JScript scripting engines could allow remote code execution

View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS08-022. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update


Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

↑ Back to the top

Known issues with this security update

Issue 1

Symptoms

You install this security update on a Microsoft Windows 2000-based computer that is running a version of Microsoft Internet Explorer that is earlier than Microsoft Internet Explorer 5.5. When you do this, a script that uses features from VBScript 5.0 or a later version of VBScript does not work.

For example, you run a script that uses a feature that is provided by VBScript 5.0 or a later version of VBScript, such as RegExp. When you do this, you may receive an error message that resembles the following error message:



Library is not registered.

Cause

This issue occurs because the installer file for this security update does not add a registry entry that is associated with the new VBScript.dll file.


Workaround

To work around this issue, open a command prompt, type the following command, and then press ENTER:
Regsvr32 vbscript.dll

Issue 2

A setup issue was causing the update for VBScript 5.6 and JScript 5.6 to not be offered, and not installed, if Windows Internet Explorer 7 is installed on the system. The solution is a detection change to this security update. Customers who have successfully updated their systems do not need to reinstall this update.

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported editions of Microsoft Windows 2000 Service Pack 4

File nameFile versionFile sizeDateTimePlatform
Jscript.dll5.6.0.8835458,75205-Jan-200811:05x86
Vbscript.dll5.6.0.8835401,40805-Jan-200811:05x86

For all supported 32-bit versions of Windows XP

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Jscript.dll5.6.0.8835450,56018-Dec-200714:40x86SP2SP2GDR
Vbscript.dll5.6.0.8835417,79218-Dec-200714:40x86SP2SP2GDR
Jscript.dll5.6.0.8835450,56018-Dec-200714:32x86SP2SP2QFE
Vbscript.dll5.6.0.8835417,79218-Dec-200714:32x86SP2SP2QFE

For all supported x64-based versions of Windows XP Professional

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Jscript.dll5.6.0.8835998,91214-Dec-200722:58x64SP1SP1GDR
Vbscript.dll5.6.0.8835662,01614-Dec-200722:58x64SP1SP1GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP1SP1GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP1SP1GDR\WOW
Jscript.dll5.6.0.8835999,42414-Dec-200722:58x64SP1SP1QFE
Vbscript.dll5.6.0.8835662,52814-Dec-200722:58x64SP1SP1QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP1SP1QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP1SP1QFE\WOW
Jscript.dll5.6.0.8835999,93614-Dec-200723:10x64SP2SP2GDR
Vbscript.dll5.6.0.8835663,04014-Dec-200723:10x64SP2SP2GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200723:10x86SP2SP2GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200723:10x86SP2SP2GDR\WOW
Jscript.dll5.6.0.8835999,93614-Dec-200722:58x64SP2SP2QFE
Vbscript.dll5.6.0.8835663,04014-Dec-200722:58x64SP2SP2QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP2SP2QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP2SP2QFE\WOW

For all supported 32-bit versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Jscript.dll5.6.0.8835458,75214-Dec-200708:34x86SP1SP1GDR
Vbscript.dll5.6.0.8835401,40814-Dec-200708:34x86SP1SP1GDR
Jscript.dll5.6.0.8835458,75214-Dec-200708:00x86SP1SP1QFE
Vbscript.dll5.6.0.8835401,40814-Dec-200722:54x86SP1SP1QFE
Jscript.dll5.6.0.8835458,75214-Dec-200708:34x86SP2SP2GDR
Vbscript.dll5.6.0.8835401,40814-Dec-200708:34x86SP2SP2GDR
Jscript.dll5.6.0.8835458,75214-Dec-200708:41x86SP2SP2QFE
Vbscript.dll5.6.0.8835401,40814-Dec-200708:41x86SP2SP2QFE

For all supported x64-based versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Jscript.dll5.6.0.8835998,91214-Dec-200722:58x64SP1SP1GDR
Vbscript.dll5.6.0.8835662,01614-Dec-200722:58x64SP1SP1GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP1SP1GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP1SP1GDR\WOW
Jscript.dll5.6.0.8835999,42414-Dec-200722:58x64SP1SP1QFE
Vbscript.dll5.6.0.8835662,52814-Dec-200722:58x64SP1SP1QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP1SP1QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP1SP1QFE\WOW
Jscript.dll5.6.0.8835999,93614-Dec-200723:10x64SP2SP2GDR
Vbscript.dll5.6.0.8835663,04014-Dec-200723:10x64SP2SP2GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200723:10x86SP2SP2GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200723:10x86SP2SP2GDR\WOW
Jscript.dll5.6.0.8835999,93614-Dec-200722:58x64SP2SP2QFE
Vbscript.dll5.6.0.8835663,04014-Dec-200722:58x64SP2SP2QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP2SP2QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP2SP2QFE\WOW

For all supported Itanium-based versions of Windows Server 2003

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Jscript.dll5.6.0.88351,304,57614-Dec-200722:58IA-64SP1SP1GDR
Vbscript.dll5.6.0.88351,116,16014-Dec-200722:58IA-64SP1SP1GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200722:58x86SP1SP1GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200722:58x86SP1SP1GDR\WOW
Jscript.dll5.6.0.88351,306,62414-Dec-200723:00IA-64SP1SP1QFE
Vbscript.dll5.6.0.88351,116,67214-Dec-200723:00IA-64SP1SP1QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200723:00x86SP1SP1QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200723:00x86SP1SP1QFE\WOW
Jscript.dll5.6.0.88351,306,62414-Dec-200723:09IA-64SP2SP2GDR
Vbscript.dll5.6.0.88351,116,67214-Dec-200723:09IA-64SP2SP2GDR
Wjscript.dll5.6.0.8835458,75214-Dec-200723:09x86SP2SP2GDR\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200723:09x86SP2SP2GDR\WOW
Jscript.dll5.6.0.88351,306,62414-Dec-200723:00IA-64SP2SP2QFE
Vbscript.dll5.6.0.88351,116,67214-Dec-200723:00IA-64SP2SP2QFE
Wjscript.dll5.6.0.8835458,75214-Dec-200723:00x86SP2SP2QFE\WOW
Wvbscript.dll5.6.0.8835401,40814-Dec-200723:00x86SP2SP2QFE\WOW

↑ Back to the top

Keywords: kbsecreview, kbexpertiseinter, kbexpertisebeginner, kbmustloc, kblangall, kbqfe, kbsecurity, kbsecbulletin, kbsecvulnerability, kbbug, kbfix, kbpubtypekc, kb

↑ Back to the top

Article Info
Article ID : 944338
Revision : 4
Created on : 4/17/2018
Published on : 4/17/2018
Exists online : False
Views : 163