Memory corruption

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted replace operation with a JavaScript regular expressio...

Security feature bypass

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."...

CVE-2015-2482

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted replace operation with a JavaScript regular expressio...

CVE-2015-6052

CVE-2015-6052 covers a security feature bypass in the VBScript 5.7/5.8 and JScript 5.7/5.8 engines used by Internet Explorer 8–11 and other products. A remote attacker could bypass ASLR via a crafted website. The issue is described as a VBScript/JScript ASLR bypass affecting IE components; relate...

CVE-2015-2482

CVE-2015-2482 affects Microsoft VBScript/JScript engines (VBScript 5.7/5.8 and JScript 5.7/5.8) used in Internet Explorer 8–11 and related products. A crafted replace operation on a JavaScript RegExp can trigger memory corruption, enabling remote code execution or a denial of service. Connected s...

CVE-2015-6059

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."...

CVE-2015-6055

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Filter arguments, aka "Scripting Engine Memory Corrupti...

CVE-2015-6052

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."...

CVE-2015-6056

CVE-2015-6056 is an Internet Explorer scripting engine memory corruption vulnerability affecting IE9–IE11. The issue arises in the JScript/VBScript engines when processing a crafted web page, allowing remote code execution or memory corruption leading to a denial of service. Public exploit activi...

CVE-2015-6059

The CVE-2015-6059 entry corresponds to an information-disclosure vulnerability in Microsoft’s VBScript 5.7/5.8 and JScript 5.7/5.8 engines used by Internet Explorer 8–11 and other products. A remote attacker could obtain sensitive information from process memory via a crafted web site (Scripting ...

CVE-2015-6056

The 1 JScript and 2 VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

CVE-2015-6055

The CVE-2015-6055 issue affects the Microsoft scripting engines used by Internet Explorer (VBScript 5.7/5.8 and JScript 5.7/5.8) and is caused by memory corruption when processing crafted Filter arguments. This can allow remote code execution or memory corruption leading to a DoS; affected produc...

JScript 5.7 RegExpBase::FBadHeader Use-After-Free

Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size. CVE-2015-2482: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482...

Microsoft Windows JScript and VBScript Remote Code Execution Vulnerability (3089659)

This host is missing a critical security update according to Microsoft Bulletin MS15-108. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft VBScript and JScript CVE-2015-6059 Information Disclosure Vulnerability

Description Microsoft VBScript and JScript are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further...

MS15-108: Security update for JScript and VBScript to address remote code execution: October 13, 2015

Resolves vulnerabilities in the VBScript and JScript scripting engines in Windows that could allow remote code execution.SummaryThis security update resolves vulnerabilities in the VBScript and JScript scripting engines in Windows. The more severe of these vulnerabilities could allow remote code...

Microsoft VBScript and JScript ASLR Bypass (MS15-106: CVE-2015-6052)

A security feature bypass vulnerability has been discovered in JScript and VBScript scripting engines. The vulnerability is due to the way that the VBScript scripting engine uses the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a...

Microsoft VBScript and JScript CVE-2015-6052 ASLR Security Bypass Vulnerability

Description Microsoft VBScript and JScript are prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Microsoft Internet Explorer...

Microsoft Windows JScript ArrayBuffer.slice Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose the contents of arbitrary memory locations on applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit...

MS15-108: Security Update for JScript and VBScript to Address Remote Code Execution (3089659)

The VBScript and JScript engines on the remote host are affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in the VBScript and JScript engines due to improper handling of objects in memory. A remote attacker can exploit these vulnerabilities by convincin...