Microsoft Windows multiple security vulnerabilities

Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak...

CVE-2011-0031

The 1 JScript 5.8 and 2 VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, a...

Information disclosure

The 1 JScript 5.8 and 2 VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, a...

CVE-2011-0031

The 1 JScript 5.8 and 2 VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, a...

Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)

This host is missing a critical security update according to Microsoft Bulletin MS11-009. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2011-0031

The CVE-2011-0031 issue affects the JScript 5.8 and VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7. The root cause is improper loading of decoded scripts obtained from web pages, which can trigger memory corruption and lead to information disclosure when a user v...

Microsoft Ships 12 Bulletins in February's Patch Tuesday

Microsoft addressed 22 flaws with 12 separate bulletins in February’s edition of Patch Tuesday, including three bulletins that were rated critical with the remaining nine rated as important. Among the programs affected are Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS. The...

Microsoft VBScript and JScript Scripting Engines Information Disclosure Vulnerability

Description Microsoft VBScript and JScript scripting engines are prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Attackers can exploit this issue by enticing an unsuspecting user to...

JScript and VBScript Scripting Engines Information Disclosure (MS11-009; CVE-2011-0031)

An information disclosure vulnerability has been discovered in JScript and VBScript scripting engines. VBScript stands for Microsoft Visual Basic Scripting Edition that includes Web client scripting in Microsoft Internet Explorer and Web server scripting in Microsoft Internet Information Service...

Microsoft Internet Explorer 'ReleaseInterface()' RCE Vulnerability

Internet Explorer is prone to a remote code execution RCE vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900278. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability

This host is installed with Internet Explorer and is prone to remote code execution vulnerability. This NVT has been replaced by NVT secpodms11-018.nasl OID:1.3.6.1.4.1.25623.1.0.900278. OpenVAS Vulnerability Test $Id: gbmsiereleaseinterfacecodeexecutionvuln.nasl 6526 2017-07-05 05:43:52Z cfische...

Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

This host is missing a critical security update according to Microsoft Bulletin MS08-008. OpenVAS Vulnerability Test $Id: gbms08-008.nasl 5548 2017-03-11 17:28:59Z cfi $ Vulnerability in OLE Automation Could Allow Remote Code Execution 947890 Authors: Madhuri D Copyright: Copyright c 2011 Greenbo...

Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)

This host is missing a critical security update according to Microsoft Bulletin MS08-008. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability

This host is installed with Internet Explorer and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbmsieinfodiscvuln.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer 'mshtml.dll' Information Disclosure Vulnerability Authors: Sooraj KS...

CVE-2010-3886

The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory...

Lizard Cart - Arbitrary File Upload

Lizard Cart - Arbitrary File Upload ======================================================================================== | Title : Lizard Cart Upload Shell Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...

IIS 5.0 ServerVariables_Jscript.asp 暴露服务器路径

No description provided by source...

Autodesk SoftImage 7.0 Scene - .TOC File Remote Code Execution

Autodesk SoftImage 7.0 Scene - .TOC File Remote Code Execution source: https://www.securityfocus.com/bid/36637/info Autodesk Softimage is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code within the context of the affected...

Microsoft JScript脚本引擎Arguments关键字内存破坏漏洞（MS09-045）

BUGTRAQ ID: 36224 CVECAN ID: CVE-2009-1920 JScript是一种解释性的基于对象的脚本语言。 JScript脚本引擎（JScript.dll）处理网页中脚本的方式存在远程代码执行漏洞。在解析jscript arguments关键字时，由于arguments对象在某一时间之前不可用，调用该对象可能导致内存破坏。 如果用户打开了特制文件或访问了运行脚本的特制网站，这个漏洞可能允许远程执行指令。 Microsoft JScript 5.8 Microsoft JScript 5.7 Microsoft JScript 5.6 Microsoft...

Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)

This host is missing a critical security update according to Microsoft Bulletin MS09-045. OpenVAS Vulnerability Test $Id: secpodms09-045.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft JScript Scripting Engine Remote Code Execution Vulnerability 971961 Authors: Nikita MR Added JScript 5.7 on...