CVE-2017-0028

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Remote code execution

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

Remote code execution

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An...

CVE-2017-0028

The connected data confirms CVE-2017-0028 affects the Microsoft scripting engine (ChakraCore) and is due to a use-after-free in Parse.cpp when asynchronous arrow functions are used, enabling remote code execution with the caller’s user rights. Impact is remote code execution in the context of the...

CVE-2017-0196

Summary: CVE-2017-0196 concerns the Microsoft scripting engine (ChakraCore) exposing information through a heap over-read in the IsMissingItem function when processing crafted web content, enabling a remote attacker to read confidential memory. Affected component: Microsoft ChakraCore JavaScript ...

CVE-2017-0028

A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

CVE-2017-0196

An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."...

CVE-2017-0152

CVE-2017-0152 is described across multiple sources as a remote code execution vulnerability in the Microsoft scripting engine, with memory corruption that could allow an attacker to execute arbitrary code under the current user. Veracode specifically attributes the issue to ChakraCore’s handling ...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-14609)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly handle memory objects and has a remote memory corruption vulnerability in its implementation that can be exploited by an attacker to execute arbitrary code in the current user context...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-14642)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly handle memory objects and is implemented with a remote memory corruption vulnerability that can be exploited by an attacker to execute arbitrary code in the current user context...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-14449)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly handle memory objects and is implemented with a remote memory corruption vulnerability that can be exploited by an attacker to execute arbitrary code in the current user context...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-14451)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge fails to properly handle in-memory objects, and a remote code execution vulnerability exists in the scripting engine presentation, where an attacker could execute arbitrary code in the current user context...

Microsoft Windows Multiple Vulnerabilities (KB4025344)

This host is missing a critical security update according to Microsoft KB4025344 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4025342)

This host is missing a critical security update according to Microsoft KB4025342 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in...

Remote code execution

Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from...

CVE-2017-8603

Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption...

CVE-2017-8619

CVE-2017-8619 refers to a remote code execution vulnerability in the Microsoft Edge scripting engines on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The issue arises in how the Scripting Engines render objects in memory, i.e., a memory corruption vulnerability in Edge’s scripting...

CVE-2017-8618

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in...

Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities

Microsoft today released patches for 19 critical vulnerabilities, one of which was publicly known prior to the update. In all, 54 vulnerabilities were patched in Windows, Edge, Internet Explorer, Office and Exchange as part of Microsoft’s monthly Patch Tuesday release; 32 flaws were rated importa...