5 matches found
Microsoft JScript脚本引擎Arguments关键字内存破坏漏洞(MS09-045)
BUGTRAQ ID: 36224 CVECAN ID: CVE-2009-1920 JScript是一种解释性的基于对象的脚本语言。 JScript脚本引擎(JScript.dll)处理网页中脚本的方式存在远程代码执行漏洞。在解析jscript arguments关键字时,由于arguments对象在某一时间之前不可用,调用该对象可能导致内存破坏。 如果用户打开了特制文件或访问了运行脚本的特制网站,这个漏洞可能允许远程执行指令。 Microsoft JScript 5.8 Microsoft JScript 5.7 Microsoft JScript 5.6 Microsoft...
ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability
ZDI-09-062: Microsoft Internet Explorer JScript arguments Invocation Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-062 September 8, 2009 -- CVE ID: CVE-2009-1920 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPointTM...
CVE-2009-1920
The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...
JScript Scripting Engine Web Pages Decoding Code Execution (MS09-045; CVE-2009-1920)
JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. The vulnerability is due to a memory...
MS09-045: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
The remote host is running a version of Windows that contains a flaw in its JScript scripting engine. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious JScript and enticing a victim to visit a web site or view a specially crafted email message. C...