Lucene search
K

22 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.21 views

ChakraCore RCE Vulnerability

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.4AI score0.6546EPSS
Exploits3References8Affected Software1
Veracode
Veracode
added 2018/07/04 7:53 a.m.40 views

Remote Code Execution (RCE) Via Memory Corruption

microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

7.5CVSS8AI score0.68491EPSS
Exploits25References4Affected Software2
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.53 views

Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD(CVE-2017-11890)

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. Th...

7.9AI score0.49398EPSS
Exploits4
0day.today
0day.today
added 2017/12/19 12:0 a.m.60 views

Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...

7.6CVSS7.9AI score0.49398EPSS
Exploits4
Packet Storm
Packet Storm
added 2017/12/18 12:0 a.m.78 views

Microsoft Windows jscript!RegExpComp::Compile Heap Overflow

Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue...

8AI score0.49398EPSS
Exploits4
Circl
Circl
added 2017/12/13 4:0 a.m.16 views

CVE-2017-11890

creationtimestamp| type| source ---|---|--- 2017-12-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=248 2017-12-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43369...

7.6CVSS7.1AI score0.49398EPSS
Exploits4References2
NVD
NVD
added 2017/12/12 9:29 p.m.14 views

CVE-2017-11890

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handle...

7.6CVSS7.9AI score0.49398EPSS
Exploits4References4
Prion
Prion
added 2017/12/12 9:29 p.m.14 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.6CVSS7.5AI score0.68491EPSS
Exploits25References3Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.13 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.27 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.6AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software2
CVE
CVE
added 2017/12/12 9:0 p.m.108 views

CVE-2017-11890

Technical details for CVE-2017-11890 are not publicly available in the provided Connected documents. The Initial Description notes Windows IE scripting engine memory corruption, but no vendor/product/version specifics or remediation are included here. Monitor for updates from official advisories ...

7.6CVSS8AI score0.49398EPSS
Exploits4References4Affected Software1
Symantec
Symantec
added 2017/12/12 12:0 a.m.48 views

Microsoft Internet Explorer CVE-2017-11890 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-...

7.6CVSS0.8AI score0.49398EPSS
Exploits4Affected Software1
Check Point Advisories
Check Point Advisories
added 2017/12/12 12:0 a.m.4 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11890)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS7.9AI score0.49398EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.250 views

KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update

The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

9.8CVSS7.9AI score0.68491EPSS
Exploits38References26
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.77 views

Security Updates for Internet Explorer (December 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corru...

7.6CVSS7.7AI score0.64164EPSS
Exploits16References17
Rows per page
Query Builder