424 matches found
MS11-009: Vulnerability in JScript and VBScript scripting engines could allow remote code execution
MS11-009: Vulnerability in JScript and VBScript scripting engines could allow remote code execution INTRODUCTION Microsoft has released security bulletin MS11-009. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...
Microsoft Internet Explorer 8 jscript - 'RegExpBase::FBadHeader' Use-After-Free (MS15
Exploit for windows platform in category dos / poc // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g"; "A".replacer, function // Force OLEAUT...
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free (MS15-018)
Microsoft Internet Explorer 8 - jscript RegExpBase::FBadHeader Use-After-Free MS15-018 // This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g";...
Microsoft Internet Explorer 8 - jscript 'RegExpBase::FBadHeader' Use-After-Free (MS15-018)
// This PoC attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new RegExp"A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g"; "A".replacer, function // Force OLEAUT32 to free the string for var j = 0; j !--...
Double-click me not: Malicious proxy settings in OLE Embedded Script
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works ...
Microsoft Multiple Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04925)
Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...
Microsoft Multiple Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04926)
Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...
CVE-2016-3260
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memo...
CVE-2016-3259
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting...
CVE-2016-3248
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting...
Memory corruption
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memo...
Memory corruption
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting...
CVE-2016-3204
The Microsoft 1 JScript 5.8 and 9 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...
CVE-2016-3259
The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting...
CVE-2016-3260
The CVE-2016-3260 issue affects Microsoft’s scripting engines (JScript 9, VBScript, and Chakra) used by Internet Explorer 11 and Microsoft Edge. A memory corruption flaw in the engines could allow remote code execution or a denial of service when processing a crafted web site, as described in the...
CVE-2016-3204
CVE-2016-3204 involves a memory corruption vulnerability in Microsoft JScript 5.8/9 and VBScript 5.7/5.8 engines used by Internet Explorer 9–11 and related components. The flaw could allow remote code execution or a denial-of-service condition when a user visits a crafted website. Public details ...
CVE-2016-3204
The Microsoft 1 JScript 5.8 and 9 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...
CVE-2016-3259
CVE-2016-3259 concerns memory corruption in Microsoft JScript 9, VBScript, and Chakra JavaScript engines used by Internet Explorer 9–11 and Edge, per the CVE entry and multiple related advisories. The connected documents corroborate a Chakra/JScript/VBScript memory corruption vulnerability that e...
CVE-2016-3248
CVE-2016-3248 covers a memory corruption vulnerability in Microsoft scripting engines (JScript 9, VBScript, Chakra) used by IE 9–11 and Edge. Exploitation via a crafted web site could allow remote code execution or memory corruption leading to DoS. Affected components: JScript/VBScript/Chakra wit...
Microsoft Multiple Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...