Microsoft Edge Memory Corruption Vulnerability (CNVD-2017-28654)

Microsoft Windows 10 is an operating system released by Microsoft Corporation.Microsoft Edge is a web browser that comes with the system.scripting engine is a JavaScript engine component. A memory corruption vulnerability exists in the scripting engine of Edge in Microsoft Windows. A remote...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...

chromium-browser: type confusion in v8

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Microsoft Edge EmitAssignment Memory Corruption

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8670)

A remote code execution Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8645)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8657)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8671)

An off-by-one vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to the way Microsoft Edge Chakra JavaScript engine renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially...

Microsoft Edge Chakra Eval Integer Overflow (CVE-2017-8641)

An integer overflow vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to an overly large size of the eval function argument. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Adobe Acrobat/Reader Remote Code Execution Vulnerability (CNVD-2017-28433)

Adobe Reader is a PDF document reading software.Acrobat is a PDF document editing software. Adobe Acrobat Reader has a remote code execution vulnerability in the JavaScript engine when creating larger strings, which can be exploited by attackers to execute arbitrary code...

CVE-2017-3113

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3113

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution...

CVE-2017-11254

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution...

Double free

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution...

Design/Logic Flaw

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-8658

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-8658

A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-8658

ChakraCore is affected by CVE-2017-8658: a remote code execution through memory corruption in the scripting engine when handling objects in memory. The vulnerability could allow arbitrary code execution with the current user’s rights; exploitation is remote and relies on the ChakraCore engine. Mi...

Microsoft Chakra JavaScript Engine Remote Code Execution Vulnerability

Microsoft Chakra JavaScript engine is a component of the JavaScript engine used in Internet Explorer and Edge Web browsers by Microsoft. A remote code execution vulnerability exists in the Microsoft Chakra JavaScript engine. A remote attacker could exploit this vulnerability to execute arbitrary...

CVE-2017-7781

An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINTATINFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an...