1197 matches found
CVE-2019-0667
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772...
CVE-2019-0667
CVE-2019-0667 is a remote code execution vulnerability in the Windows VBScript Engine, caused by the way the engine handles objects in memory. The CVE entry identifies the affected component as the VBScript engine in Windows, with exploitation relying on memory object handling to achieve code exe...
CVE-2019-0666
CVE-2019-0666 describes a remote code execution vulnerability in the Windows VBScript Engine, arising from how the engine handles objects in memory. The flaw is defined as a memory-object handling issue within VBScript, and is noted as distinct from CVE-2019-0665, CVE-2019-0667, and CVE-2019-0772...
CVE-2019-0666
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772...
CVE-2019-0665
CVE-2019-0665/66/67/72 describe a remote code execution in the Windows VBScript Engine caused by how the engine handles objects in memory. The CVSS metrics in the Initial document indicate high impact (C/I/A High) with network access, required user interaction, and no privileges required. The CIR...
CVE-2019-0665
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772...
Microsoft Windows VBScript Array Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
VulnCheck KEV: CVE-2019-0667
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772...
VulnCheck KEV: CVE-2019-0666
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772...
Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns
A recently discovered vulnerability in the WinRAR file archival utility has been exploited in a slew of new campaigns, including one with a never-before-seen payload. The flurry of activity shows no sign of waning as cybercriminals continue to find success exploiting the bug. The campaigns take...
Microsoft VBScript - VbsErase Memory Corruption Exploit
r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...
Microsoft VBScript - VbsErase Memory Corruption
r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML !-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML Exploit
!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which...
Microsoft VBScript - VbsErase Memory Corruption
Microsoft VBScript - VbsErase Memory Corruption r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which...
simple-markdown cross-site scripting vulnerability
simple-markdown is a simple, extensible Markdown-like parser . A cross-site scripting vulnerability exists in simple-markdown.js in Khan Academy simple-markdown versions prior to 0.4.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the data: or vbscript: URI...
CVE-2019-9844
CVE-2019-9844 affects the Node package simple-markdown (Khan Academy’s simple-markdown) up to version 0.4.3. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization in links, enabling execution of malicious JavaScript via data: or VBScript: URIs. The issue...
Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way memory objects are handled in the VBScript Engine of...
Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CNVD-2019-10619)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from Microsoft Corporation.VBScript Engine is one of the VBScript scripting language engines. A remote code execution vulnerability exists in the way memory objects are handled in the VBScript Engine of...