123 matches found
Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2
Microsoft patched a zero-day vulnerability that enabled attackers to escalate privileges on targeted systems, which include Windows 7, Server 2008 and Server 2008 R2 systems. The vulnerability, rated important, was part of Microsoft’s Patch Tuesday November security bulletin, which included 62...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8671)
An off-by-one vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to the way Microsoft Edge Chakra JavaScript engine renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...
Microsoft Edge Chakra Eval Integer Overflow (CVE-2017-8641)
An integer overflow vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to an overly large size of the eval function argument. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
CVE-2017-8658
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...
CVE-2017-8658
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...
CVE-2017-8658
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...
CVE-2017-8658
ChakraCore is affected by CVE-2017-8658: a remote code execution through memory corruption in the scripting engine when handling objects in memory. The vulnerability could allow arbitrary code execution with the current user’s rights; exploitation is remote and relies on the ChakraCore engine. Mi...
Microsoft Patch Tuesday - July 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 54 vulnerabilities with 19 of them rated critical, 32 rated important, and 3 rated moderate. Impacted products include Edge, .NET Framework, Internet Explorer,...
CVE-2017-0236
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
CVE-2017-0235
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
CVE-2017-0234
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
Remote code execution
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
Remote code execution
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
Remote code execution
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
CVE-2017-0236
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230,...
CVE-2017-0235
CVE-2017-0235 corresponds to a remote code execution vulnerability in Microsoft Edge tied to Chakra's memory handling when rendering objects. The connected advisories describe a memory corruption issue in the Chakra JavaScript engine that could be triggered to execute arbitrary code, affecting Ed...
CVE-2017-0234
CVE-2017-0234 corresponds to a remote code execution in the Chakra JavaScript engine used by Microsoft Edge, triggered by memory handling when rendering objects. Connected advisories confirm a ChakraCore/Edge scripting-engine memory corruption issue; exploitation would arise from the engine’s han...
CVE-2017-0236
The connected documentation confirms CVE-2017-0236 is a remote code execution vulnerability in Microsoft Edge’s Chakra JavaScript engine related to memory handling of objects, described as a Scripting Engine Memory Corruption vulnerability. The issue is triggered during rendering in memory, enabl...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-base...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06595)
Microsoft Edge is the web browser built into the Windows 10 version. A remote memory corruption vulnerability exists in the Chakra JavaScript engine rendering when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...