United States

Change

All Microsoft Sites

Help and Support

MS08-022: Vulnerability in the VBScript and JScript scripting engines could allow remote code execution

View products that this article applies to.

Article ID	:	944338
Last Review	:	August 15, 2008
Revision	:	4.0

INTRODUCTION

Microsoft has released security bulletin MS08-022. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:

•	Home users: http://www.microsoft.com/protect/computer/updates/bulletins/200804.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/200804.mspx) Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now: http://update.microsoft.com/microsoftupdate/ (http://update.microsoft.com/microsoftupdate/)
•	IT professionals: http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx (http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx)

Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)

North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:

http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)

For enterprise customers, support for security updates is available through your usual support contacts.

Back to the top

Known issues with this security update

Back to the top

Issue 1

Symptoms

You install this security update on a Microsoft Windows 2000-based computer that is running a version of Microsoft Internet Explorer that is earlier than Microsoft Internet Explorer 5.5. When you do this, a script that uses features from VBScript 5.0 or a later version of VBScript does not work.

For example, you run a script that uses a feature that is provided by VBScript 5.0 or a later version of VBScript, such as RegExp. When you do this, you may receive an error message that resembles the following error message:

Library is not registered.

Cause

This issue occurs because the installer file for this security update does not add a registry entry that is associated with the new VBScript.dll file.

Workaround

To work around this issue, open a command prompt, type the following command, and then press ENTER:

Regsvr32 vbscript.dll

Back to the top

Issue 2

A setup issue was causing the update for VBScript 5.6 and JScript 5.6 to not be offered, and not installed, if Windows Internet Explorer 7 is installed on the system. The solution is a detection change to this security update. Customers who have successfully updated their systems do not need to reinstall this update.

Back to the top

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported editions of Microsoft Windows 2000 Service Pack 4

File name	File version	File size	Date	Time	Platform
Jscript.dll	5.6.0.8835	458,752	05-Jan-2008	11:05	x86
Vbscript.dll	5.6.0.8835	401,408	05-Jan-2008	11:05	x86

For all supported 32-bit versions of Windows XP

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Jscript.dll	5.6.0.8835	450,560	18-Dec-2007	14:40	x86	SP2	SP2GDR
Vbscript.dll	5.6.0.8835	417,792	18-Dec-2007	14:40	x86	SP2	SP2GDR
Jscript.dll	5.6.0.8835	450,560	18-Dec-2007	14:32	x86	SP2	SP2QFE
Vbscript.dll	5.6.0.8835	417,792	18-Dec-2007	14:32	x86	SP2	SP2QFE

For all supported x64-based versions of Windows XP Professional

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Jscript.dll	5.6.0.8835	998,912	14-Dec-2007	22:58	x64	SP1	SP1GDR
Vbscript.dll	5.6.0.8835	662,016	14-Dec-2007	22:58	x64	SP1	SP1GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Jscript.dll	5.6.0.8835	999,424	14-Dec-2007	22:58	x64	SP1	SP1QFE
Vbscript.dll	5.6.0.8835	662,528	14-Dec-2007	22:58	x64	SP1	SP1QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP1	SP1QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP1	SP1QFE\WOW
Jscript.dll	5.6.0.8835	999,936	14-Dec-2007	23:10	x64	SP2	SP2GDR
Vbscript.dll	5.6.0.8835	663,040	14-Dec-2007	23:10	x64	SP2	SP2GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	23:10	x86	SP2	SP2GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	23:10	x86	SP2	SP2GDR\WOW
Jscript.dll	5.6.0.8835	999,936	14-Dec-2007	22:58	x64	SP2	SP2QFE
Vbscript.dll	5.6.0.8835	663,040	14-Dec-2007	22:58	x64	SP2	SP2QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP2	SP2QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP2	SP2QFE\WOW

For all supported 32-bit versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Jscript.dll	5.6.0.8835	458,752	14-Dec-2007	08:34	x86	SP1	SP1GDR
Vbscript.dll	5.6.0.8835	401,408	14-Dec-2007	08:34	x86	SP1	SP1GDR
Jscript.dll	5.6.0.8835	458,752	14-Dec-2007	08:00	x86	SP1	SP1QFE
Vbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:54	x86	SP1	SP1QFE
Jscript.dll	5.6.0.8835	458,752	14-Dec-2007	08:34	x86	SP2	SP2GDR
Vbscript.dll	5.6.0.8835	401,408	14-Dec-2007	08:34	x86	SP2	SP2GDR
Jscript.dll	5.6.0.8835	458,752	14-Dec-2007	08:41	x86	SP2	SP2QFE
Vbscript.dll	5.6.0.8835	401,408	14-Dec-2007	08:41	x86	SP2	SP2QFE

For all supported x64-based versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Jscript.dll	5.6.0.8835	998,912	14-Dec-2007	22:58	x64	SP1	SP1GDR
Vbscript.dll	5.6.0.8835	662,016	14-Dec-2007	22:58	x64	SP1	SP1GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Jscript.dll	5.6.0.8835	999,424	14-Dec-2007	22:58	x64	SP1	SP1QFE
Vbscript.dll	5.6.0.8835	662,528	14-Dec-2007	22:58	x64	SP1	SP1QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP1	SP1QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP1	SP1QFE\WOW
Jscript.dll	5.6.0.8835	999,936	14-Dec-2007	23:10	x64	SP2	SP2GDR
Vbscript.dll	5.6.0.8835	663,040	14-Dec-2007	23:10	x64	SP2	SP2GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	23:10	x86	SP2	SP2GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	23:10	x86	SP2	SP2GDR\WOW
Jscript.dll	5.6.0.8835	999,936	14-Dec-2007	22:58	x64	SP2	SP2QFE
Vbscript.dll	5.6.0.8835	663,040	14-Dec-2007	22:58	x64	SP2	SP2QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP2	SP2QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP2	SP2QFE\WOW

For all supported Itanium-based versions of Windows Server 2003

File name	File version	File size	Date	Time	Platform	SP requirement	Service branch
Jscript.dll	5.6.0.8835	1,304,576	14-Dec-2007	22:58	IA-64	SP1	SP1GDR
Vbscript.dll	5.6.0.8835	1,116,160	14-Dec-2007	22:58	IA-64	SP1	SP1GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	22:58	x86	SP1	SP1GDR\WOW
Jscript.dll	5.6.0.8835	1,306,624	14-Dec-2007	23:00	IA-64	SP1	SP1QFE
Vbscript.dll	5.6.0.8835	1,116,672	14-Dec-2007	23:00	IA-64	SP1	SP1QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	23:00	x86	SP1	SP1QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	23:00	x86	SP1	SP1QFE\WOW
Jscript.dll	5.6.0.8835	1,306,624	14-Dec-2007	23:09	IA-64	SP2	SP2GDR
Vbscript.dll	5.6.0.8835	1,116,672	14-Dec-2007	23:09	IA-64	SP2	SP2GDR
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	23:09	x86	SP2	SP2GDR\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	23:09	x86	SP2	SP2GDR\WOW
Jscript.dll	5.6.0.8835	1,306,624	14-Dec-2007	23:00	IA-64	SP2	SP2QFE
Vbscript.dll	5.6.0.8835	1,116,672	14-Dec-2007	23:00	IA-64	SP2	SP2QFE
Wjscript.dll	5.6.0.8835	458,752	14-Dec-2007	23:00	x86	SP2	SP2QFE\WOW
Wvbscript.dll	5.6.0.8835	401,408	14-Dec-2007	23:00	x86	SP2	SP2QFE\WOW

Back to the top

APPLIES TO

•

Microsoft Windows 2000 Advanced Server SP4

•

Microsoft Windows 2000 Datacenter Server

•

Microsoft Windows XP Service Pack 2, when used with:

		Microsoft Windows XP Home Edition
		Microsoft Windows XP Professional

•

Microsoft Windows XP Professional x64 Edition

•

Microsoft Windows Server 2003, Datacenter x64 Edition

•

Microsoft Windows Server 2003, Enterprise x64 Edition

•

Microsoft Windows Server 2003, Standard x64 Edition

•

Microsoft Windows Server 2003 Service Pack 1, when used with:

		Microsoft Windows Server 2003, Web Edition
		Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
		Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
		Microsoft Windows Server 2003, Standard Edition (32-bit x86)
		Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
		Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

•

Microsoft Windows Server 2003 Service Pack 2, when used with:

		Microsoft Windows XP Professional x64 Edition
		Microsoft Windows Server 2003, Web Edition
		Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
		Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
		Microsoft Windows Server 2003, Standard Edition (32-bit x86)
		Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
		Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
		Microsoft Windows Server 2003, Datacenter x64 Edition
		Microsoft Windows Server 2003, Enterprise x64 Edition
		Microsoft Windows Server 2003, Standard x64 Edition

Back to the top

kbexpertiseinter kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc KB944338

Back to the top

Article Translations

Related Support Centers

Other Support Options

Need More Help?
Contact a Support professional by E-mail, Online or Phone.
Customer Service
For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups
Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.

MS08-022: Vulnerability in the VBScript and JScript scripting engines could allow remote code execution

On This Page

INTRODUCTION

How to obtain help and support for this security update

Known issues with this security update

Issue 1

Symptoms

Cause

Workaround

Issue 2

File information

For all supported editions of Microsoft Windows 2000 Service Pack 4

For all supported 32-bit versions of Windows XP

For all supported x64-based versions of Windows XP Professional

For all supported 32-bit versions of Windows Server 2003

For all supported x64-based versions of Windows Server 2003

For all supported Itanium-based versions of Windows Server 2003

APPLIES TO

Keywords:

Article Translations

Related Support Centers

Other Support Options

Page Tools