Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11873)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way that the scripting engine of Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11840)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11861)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. An information...

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11837)

A remote code execution vulnerability exists in Microsoft browsers. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the...

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11843)

A Use-After-Free vulnerability exists in Microsoft browsers. The vulnerability is due to the way the scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

KB4042895: Windows 10 October 2017 Cumulative Update (KRACK)

The remote Windows host is missing security update 4042895. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

CVE-2017-11767

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

Memory corruption

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-11767

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-11767

CVE-2017-11767 describes a memory corruption vulnerability in the ChakraCore scripting engine. The issue allows an attacker to execute arbitrary code with the same user rights as the current logged-in user, potentially taking control of the system if the user has administrative rights. Documents ...

Cisco NX-OS Python Scripting Engine Elevation of Privilege Vulnerability

Cisco NX-OS software is a data center-class operating system that embodies modular design, sustainability, and maintainability. A security vulnerability exists in Cisco NX-OS that allows a user with locally executable Python scripts to elevate privileges on the Python subsystem to execute arbitra...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11809)

Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone Assertthis-mreader.GetCurrentOffset == 0; this-InitializeClosures; DoStackScopeSlots...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11802)

No description provided by source. The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But "RegexHelper::StringReplace" calls the replace function without...

October 10, 2017—KB4041691 (OS Build 14393.1770)

October 10, 2017—KB4041691 OS Build 14393.1770 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where the Universal CRT caused the linker link.exe to stop working for large...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11802)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11799)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine in Edge renders when handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

CVE-2017-11810

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the...

CVE-2017-11808

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-11807

ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792,...