Detecting Fileless Attacks with Enterprise EDR’s AMSI Visibility
If this year’s 2020 Cybersecurity Outlook Report taught us anything, it’s that defenders are seeing an increasing number of defense evasion techniques in their environments. It’s crucial for security teams to have the granular visibility they need to spot malicious attacker behavior, however...
CVE-2019-0665
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772...
Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files
Researchers are warning of a new email phishing campaign that downloads and launches the Quant Loader trojan, capable of distributing ransomware and stealing passwords. Barracuda on Tuesday said it has been tracking emails containing zipped Microsoft internet shortcut files with a “.url” file...
Disable Risky Windows Features: Hardentools
Hardentools is a collection of simple utilities designed to disable a number of “features” exposed by operating systems (Microsoft Windows, for now) and primary consumer applications. These features, commonly intended for Enterprise customers, are generally useless to regular users and rather pose ...
Koadic C3 COM Command & Control – JScript RAT
Koadic, or COM Command & Control, is a Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using Windows Script Host a.k.a. JScript/VBScript, with compatibility in t...
Koadic: An Advanced Windows JScript/VBScript RAT!
PenTestIT RSS Feed: All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...
MS13-099: Description of the security update for Windows Script 5.8: December 10, 2013
INTRODUCTION: Microsoft has released security bulletin MS13-099. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...
MS13-099: Description of the security update for Windows Script 5.7: December 10, 2013
INTRODUCTION: Microsoft has released security bulletin MS13-099. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit
Exploit for Windows platform in category dos / poc. Source: http://blog.skylined.nl/20161108001.html. Synopsis: A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...
VBScript RegExpComp::PnodeParse Out-Of-Bounds Read
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
Source: http://blog.skylined.nl/20161108001.html. Synopsis: A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able t...
VBScript CRegExp::Execute Uninitialized Memory Use
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161107001.html. There you can find a repro th...
Microsoft Windows Script Host 5.1/5.5 GetObject() File Disclosure Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/1718/info. It is possible for an outside attacker to view known files on a remote system if the target user visits a website or opens an email containing a specially formed script containing the JScript function 'GetObject...
MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library could allow remote code execution: December 10, 2013
Resolves a vulnerability in Windows that could allow remote code execution if an attacker convinces a user to go to a specially crafted website or a website that hosts specially crafted content. INTRODUCTION: Microsoft has released security bulletin MS13-099. To view the complete security bulletin, ...
CVE-2008-5823
CVE-2008-5823 describes a denial-of-service vulnerability in Microsoft Money 2006 related to an ActiveX control (prtstb06.dll). When the control is used with Windows Script Host/WScript on Windows Vista, supplying a zero Startup property value can trigger an access violation and crash the applica...
Eight Clever Applications of VBS Scripts in System Security - vulnerability warning - the black bar safety net
The widespread popularity of VBS script viruses has given us a new understanding of what VBS can do, and everyone has now begun to pay attention to it. VBS code is executed locally by the Windows Script Host (WSH) interpreter. VBS scripts cannot run without the WSH, the WSH is Microsoft offers ...
CVE-2003-0010
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based...
CVE-2003-0010
The CVE-2003-0010 issue is a heap-based overflow in the Windows Script Engine (JsArrayFunctionHeapSort in JScript.dll) that can allow remote code execution via a malicious web page or HTML e-mail. The affected component is Windows Script Engine/JScript.dll; the exploit arises from handling large array in...
Windows Script Engine integer overflow
Integer overflow on array's sort function...