2820 matches found
CVE-2017-8674
Technical details for CVE-2017-8674 are not publicly available in the provided documents; no affected products, root cause, or fixes are specified here. Monitor for updates from security advisories and vendor advisories.
CVE-2017-8659
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability"...
CVE-2017-8637
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard ACG due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time JIT compiler, aka "Scripting Engine Security Feature Bypass Vulnerability"...
CVE-2017-8646
CVE-2017-8646 concerns a remote code execution vulnerability in Microsoft Edge’s scripting engine memory handling. Affected product/variant: Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016, where the JavaScript engine could corrupt memory while rendering objects i...
CVE-2017-8637
CVE-2017-8637 affects Microsoft Edge on Windows 10 version 1703, describing a security feature bypass of Arbitrary Code Guard (ACG) due to memory access in Edge’s JIT-compiled code. Connected sources detail that the Chakra/JIT server memory handling can process unvalidated loop headers, enabling ...
CVE-2017-8659
CVE-2017-8659 affects Microsoft Edge and Microsoft Internet Explorer on Windows 10 version 1703, due to the Chakra scripting engine not properly handling objects in memory, enabling information disclosure. The vulnerability is documented as a Chakra information disclosure issue with the Edge/IE m...
CVE-2017-8640
CVE-2017-8640 is a Microsoft Edge scripting engine memory corruption vulnerability in Windows 10 (Gold/1511/1607/1703) and Windows Server 2016. The issue arises when rendering objects in memory, allowing an attacker to execute arbitrary code in the context of the current user. The connected advis...
August Patch Tuesday: 25 critical Microsoft vulnerabilities, 43 for Adobe
Today Microsoft released patches covering 48 vulnerabilities as part of August’s Patch Tuesday update, with 15 of them affecting Windows. Patches covering 25 of these vulnerabilities are labeled as Critical, and 27 can result in Remote Code Execution. According to Microsoft, none of these...
Microsoft Patches Critical Windows Search Vulnerability
Microsoft patched more than two dozen remote code execution vulnerabilities today, many of them rated critical. One was a RCE bug that allowed an attacker to take complete control of a server or workstation via Windows Search. The fixes were part of Microsoft’s August Patch Tuesday update that...
Scripting Engine Information Disclosure Vulnerability
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...
KLA11084 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, execute arbitrary code and obtain sensitive information. Below is a complete list of...
Microsoft Edge CVE-2017-8659 Scripting Engine Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...
KLA11846 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of...
June 13, 2017 - KB4022714 (OS Build 10586.962)
June 13, 2017 - KB4022714 OS Build 10586.962 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where, after installing KB3164035, users cannot print enhanced metafil...
Microsoft scripting engine remote code execution vulnerability (CNVD-2017-18579)
Microsoft scripting engine is the United States Microsoft Microsoft company developed a for Microsoft Internet Explorer IE and Edge browser in the JavaScript engine. A remote code execution vulnerability exists in Microsoft scripting engine. A remote attacker can exploit this vulnerability to...
Microsoft scripting engine information disclosure vulnerability
Microsoft scripting engine is the United States Microsoft Microsoft company developed a for Microsoft Internet Explorer IE and Edge browser in the JavaScript engine. An information disclosure vulnerability exists in Microsoft scripting engine. A remote attacker could exploit this vulnerability to...
Microsoft scripting engine remote code execution vulnerability
Microsoft scripting engine is the United States Microsoft Microsoft company developed a for Microsoft Internet Explorer IE and Edge browser in the JavaScript engine. The Microsoft scripting engine suffers from a remote code execution vulnerability that stems from the program failing to properly...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-16997)
Microsoft Windows 10 is an operating system released by Microsoft Corporation.Microsoft Edge is a web browser that comes with the system.scripting engine is a JavaScript engine component. A remote code execution vulnerability exists in the scripting engine of Edge in Microsoft Windows 10 version...
CVE-2017-0196
An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."...
CVE-2017-0028
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...