46 matches found
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to observe the crash: ========================================= function go var r= ne...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
var s = 'a'; forvar i=0;i !-- ============================================...
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issue is in jscript!JsArraySlice Array.prototype.slice.call in the P...
Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
var vars = new Array100; forvar i=0;i !-- ============================================ PoC for WPAD might require page heap to trigger the crash: ============================================ function FindProxyForURLurl,...
Microsoft Windows Array.sort jscript.dll Heap Overflow Exploit
There is a heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. Windows: heap overflow in jscript.dll in Array.sort CVE-2017-11907 There is a heap overflow vulnerability in jscript.d...
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read
Microsoft Windows - jscript!RegExpFncObj::LastParen Out-of-Bounds Read function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; r rax=0000000000000063 rbx=000000000476fd90 rcx=0000000000000063 rdx=0000000000000064 rsi=000000000476fd90 rdi=000007fef23d37d0...
Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit
Exploit for Windows platform in category dos / poc Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this...
Microsoft Windows Array.sort jscript.dll Heap Overflow
Windows: heap overflow in jscript.dll in Array.sort CVE-2017-11907 There is a heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. PoC for IE note: page heap might be required to...
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free Exploit
There is a use-after-free in jscript.dll library that can be exploited in IE11. IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a use-after-free in jscript.dll library that can be exploited in IE11. PoC: ========================================= var o1 = toJSON:functio...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue...
Windows jscript!NameTbl::GetValDef Use-After-Free
Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery...
Microsoft IE11: use-after-free in jscript!JsErrorToString(CVE-2017-11810)
There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8 and back. However, IE11 can still load it if put into IE8 compatibility mode and if there is a script tag that can only be understood by the older library...
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free Exploit
Microsoft Internet Explorer 11 suffers from a use-after-free vulnerability in jscript!JsErrorToString. Microsoft IE11: use-after-free in jscript!JsErrorToString CVE-2017-11810 There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library...
Microsoft Internet Explorer 11 - jscript!JsErrorToString Use-After-Free
Microsoft Internet Explorer 11 - jscript!JsErrorToString Use-After-Free var e = new Error; var o = toString:function //alert'in toString'; e.name = 1; CollectGarbage; //reallocate forvar i=0;i !-- ========================================= This is a use-after-free in jscript!JsErrorToString that c...
Yahoo! Messenger 7.0/7.5 jscript.dll Non-Ascii Character DoS
No description provided by source. source: http://www.securityfocus.com/bid/18622/info Yahoo! Messenger is prone to a denial-of-service vulnerability. Successful exploitation will cause the application to crash, effectively denying service. This issue affects version 7.5.0.814; other versions may...
MS11-009: Vulnerability in JScript and VBScript Scripting Engine Could Allow Information Disclosure (2475792)
The installed versions of the VBScript and JScript Scripting Engines allow an attacker to obtain sensitive information by enticing a user into visiting a specially crafted website. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid51909; scriptversion"1.20";...
CVE-2006-3298
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service crash via messages that contain non-ASCII characters, which triggers the crash in jscript.dll...