CVE-2023-1004

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...

Code injection

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...

CVE-2023-1004 MarkText WSH JScript code injection

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...

CVE-2023-1004 MarkText WSH JScript code injection

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit h...

CVE-2023-1003 Typora WSH JScript code injection

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and m...

CVE-2023-1003

Typora (on Windows) up to v1.5.5 contains a code injection vulnerability in the WSH JScript Handler component. The issue requires local access to exploit and has been publicly disclosed. Upgrading to v1.5.8 fixes the flaw; as a temporary workaround, restrict access to the WSH JScript Handler. Aff...

VulnCheck KEV: CVE-2022-41128

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...

ChakraCore RCE Vulnerability

The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting...

GHSA-H6G3-73H7-CHXP ChakraCore RCE Vulnerability

The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memo...

ChakraCore RCE Vulnerability

The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memo...

Microsoft Internet Explorer Memory Corruption Vulnerability

JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

Microsoft Internet Explorer Memory Corruption Vulnerability

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service memory corruption via a crafted web site...

ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip

ZipExec is a Proof-of-Concept POC tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...

VulnCheck KEV: CVE-2016-3205

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

VulnCheck KEV: CVE-2016-3210

The Microsoft 1 JScript and 2 VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

VulnCheck KEV: CVE-2016-3206

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

Microsoft Scripting Engine 缓冲区错误漏洞

Microsoft Scripting Engine is a tool from Microsoft Corporation USA that provides a scripting engine for JScript and VBScript. A buffer error vulnerability exists in Microsoft Microsoft Scripting Engine. The following products and versions are affected:Windows 10 Version 1809 for 32-bit...

Microsoft Internet Explorer 11 Use-After-Free

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

October 13, 2020—KB4580370 (OS Build 15063.2525)

October 13, 2020—KB4580370 OS Build 15063.2525 NEW IMPORTANT Release notes are changing! To learn about the new URL, metadata updates, and more, see What’s next for Windows release notes. Current status of Windows 10, version 1703 Windows 10, version 1703 has reached end of service for all...