Microsoft Internet Explorer CVE-2016-0187 Scripting Engine Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-i...

KLA11914 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in...

Microsoft Internet Explorer Scripting Engine Memory Corruption (MS16-051: CVE-2016-0187)

A use-after-free vulnerability was detected in Microsoft Internet Explorer in the handling of BooleanProtoObj objects. The underlying vulnerability lies in jscript!JSONStringifyArray where a previously released object is reused...

Memory corruption

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."...

CVE-2016-0002

Technical details for CVE-2016-0002 are not publicly available in the provided connected documents. Monitor for updates.

CVE-2016-0024

CVE-2016-0024 concerns the Chakra JavaScript engine in Microsoft Edge. The connected advisories consistently describe a remote code execution vulnerability in Chakra/Edge via unspecified vectors (memory corruption). Public sources reference MS16-002 and a cumulative security update (MS16-002/3124...

Microsoft Edge Memory Corruption Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. A memory corruption vulnerability exists when Microsoft Edge incorrectly accesses objects in memory, which could allow a remote attacker to execute arbitrary code via a scripting engine memory corruption vulnerability...

Microsoft Scripting Engine Memory Corruption (MS16-002: CVE-2016-0024)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to lack of input validation within a DataView object. Successful exploitation of this issue can lead to remote code execution...

MS16-003: Description of the security update for JScript 5.8 and VBScript 5.8: January 12, 2016

Resolves a vulnerability in the VBScript scripting engine in Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user and then install programs, create...

CVE-2015-6135

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."...

Microsoft VBScript and JScript Scripting Engine Information Disclosure Vulnerability (CNVD-2015-08015)

Microsoft Internet Explorer IE is a web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.Microsoft VBScript known as Visual Basic Script is a scripting language, and is also the default programming language for ASP dynamic web pages. JScript ...

Microsoft VBScript and JScript Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer IE is a web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.Microsoft VBScript known as Visual Basic Script is a scripting language, and is also the default programming language for ASP dynamic web pages. JScript ...

Microsoft Internet Explorer Scripting Engine Information Disclosure (MS15-124: CVE-2015-6135)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates BSTR objects. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

Nmap 7 - Security Scanner For Network Exploration & Security Audits

Nmap “Network Mapper” is a free and open source license utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses ra...

CVE-2015-6089

The Microsoft 1 VBScript and 2 JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

Elasticsearch Sandbox Escape Command Execution (CVE-2015-1427)

A remote command execution RCE vulnerability exists in the Groovy scripting engine in Elasticsearch. The vulnerability is due to certain scripts bypassing the sandbox protection mechanism. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted request...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2015-06661)

Internet Explorer is a web browser from Microsoft. A security vulnerability exists in the implementation of Internet Explorer 9-11 and other products, VBScript and JScript engines. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service memory...

Information disclosure

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."...

Nmap Scripting Engine Scanner Over HTTP Request

Nmap Scripting Engine is a vulnerability scanning product. Remote attackers can use Nmap Scripting Engine to detect vulnerabilities on a target server...

FreeBSD : elasticsearch -- remote OS command execution via Groovy scripting engine (026759e0-1ba3-11e5-b43d-002590263bf5)

Elastic reports : Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...