MS12-056  Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution

2012-08-14 This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Vulnerabilities addressed in this bulletin:

JavaScript Integer Overflow Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the JScript and VBScript engines calculate the size of an object in memory during a copy operation. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2012-2523

Bulletin details at Microsoft.com