Lucene search
K

14 matches found

Veracode
Veracode
added 2018/07/04 8:26 a.m.23 views

Information Leakage

microsoft.chakracore is vulnerable to information leakage. This happens because the finalName parameter in the ConstructName function of JavascriptObject.cpp can contain null characters in between, leaving part of it uninitialized. This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.This...

5.3CVSS5.9AI score0.25116EPSS
Exploits4References5Affected Software2
Check Point Advisories
Check Point Advisories
added 2017/12/20 12:0 a.m.3 views

Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...

2.6CVSS5.5AI score0.25116EPSS
Exploits4
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.47 views

Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen(CVE-2017-11906)

There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...

6.9AI score0.25116EPSS
Exploits4
Packet Storm
Packet Storm
added 2017/12/19 12:0 a.m.70 views

Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read

Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: ========================================= function go var r= ne...

0.2AI score0.25116EPSS
Exploits4
Circl
Circl
added 2017/12/13 4:0 a.m.25 views

CVE-2017-11906

creationtimestamp| type| source ---|---|--- 2017-12-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=248 2017-12-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43372...

5.3CVSS6.5AI score0.25116EPSS
Exploits4References2
NVD
NVD
added 2017/12/12 9:29 p.m.18 views

CVE-2017-11906

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to h...

5.3CVSS5.2AI score0.25116EPSS
Exploits4References4
Prion
Prion
added 2017/12/12 9:29 p.m.25 views

Information disclosure

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 201...

2.6CVSS4.9AI score0.25116EPSS
Exploits4References3Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.35 views

Information disclosure

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due ...

2.6CVSS5AI score0.25116EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2017/12/12 9:0 p.m.99 views

CVE-2017-11906

Technical details about CVE-2017-11906 (affected products, root cause, impact, remediation) are not publicly provided in the supplied documents. Monitor for vendor advisories and updates.

5.3CVSS5.7AI score0.25116EPSS
Exploits4References4Affected Software1
CVE
CVE
added 2017/12/12 9:0 p.m.104 views

CVE-2017-11887

CVE-2017-11906 is described across multiple sources as an information disclosure vulnerability in Microsoft Internet Explorer caused by improper handling of memory objects in the scripting engine. Affected software includes Internet Explorer on Windows platforms listed in the CVE description (Win...

5.3CVSS5.7AI score0.06423EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.250 views

KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update

The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

9.8CVSS7.9AI score0.68491EPSS
Exploits38References26
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.76 views

KB4053581: Windows 10 December 2017 Security Update

The remote Windows host is missing security update 4053581. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file...

9.8CVSS7.9AI score0.64164EPSS
Exploits25References21
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.107 views

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

8.5CVSS7.9AI score0.64164EPSS
Exploits22References17
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.77 views

Security Updates for Internet Explorer (December 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corru...

7.6CVSS7.7AI score0.64164EPSS
Exploits16References17
Rows per page
Query Builder