Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 12:32 a.m.21 views

ChakraCore RCE Vulnerability

ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11793,...

7.6CVSS7.2AI score0.08761EPSS
Exploits0References7Affected Software1
0day.today
0day.today
added 2017/12/19 12:0 a.m.73 views

Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free Exploit

There is a use-after-free in jscript.dll library that can be exploited in IE11. IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a use-after-free in jscript.dll library that can be exploited in IE11. PoC: ========================================= var o1 = toJSON:functio...

7.6CVSS7.7AI score0.48907EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/12/18 12:0 a.m.42 views

Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free

IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a use-after-free in jscript.dll library that can be exploited in IE11. PoC: ========================================= var o1 = toJSON:function alert'o1'; return o2; var o2 = toJSON:function alert'o2'; CollectGarbage; retu...

7.6CVSS0.48907EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2017/11/30 12:0 a.m.60 views

Security Updates for Internet Explorer (October 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a...

7.6CVSS7.5AI score0.5389EPSS
Exploits7References9
NVD
NVD
added 2017/10/13 1:29 p.m.27 views

CVE-2017-11793

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the...

7.6CVSS7.6AI score0.48907EPSS
Exploits3References4
Prion
Prion
added 2017/10/13 1:29 p.m.16 views

Memory corruption

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

7.6CVSS7.6AI score0.69163EPSS
Exploits20References3
Prion
Prion
added 2017/10/13 1:29 p.m.18 views

Memory corruption

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

7.6CVSS7.6AI score0.69163EPSS
Exploits20References4Affected Software1
CVE
CVE
added 2017/10/13 1:0 p.m.86 views

CVE-2017-11793

CVE-2017-11793 affects Internet Explorer on multiple Windows editions where the scripting engine’s memory handling of objects can be abused to execute arbitrary code in the user context. Root cause: memory corruption in the scripting engine. Impact: remote code execution with high severity (per C...

7.6CVSS7.8AI score0.48907EPSS
Exploits3References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/10/12 12:0 a.m.158 views

Windows 2008 October 2017 Multiple Security Updates (KRACK)

The remote Windows host is missing multiple security updates released on 2017/10/10. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who...

10CVSS8.3AI score0.64132EPSS
Exploits13References34
Symantec
Symantec
added 2017/10/10 12:0 a.m.40 views

Microsoft Internet Explorer CVE-2017-11793 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are...

7.6CVSS0.7AI score0.48907EPSS
Exploits3Affected Software1
Check Point Advisories
Check Point Advisories
added 2017/10/10 12:0 a.m.34 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11793)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS7.8AI score0.48907EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2017/10/10 12:0 a.m.135 views

Windows Server 2012 October 2017 Security Updates (KRACK)

The remote Windows host is missing security update 4041679 or cumulative update 4041690. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services...

10CVSS8.5AI score0.64132EPSS
Exploits14References26
Rows per page
Query Builder