14 matches found
Information Leakage
microsoft.chakracore is vulnerable to information leakage. This happens because the finalName parameter in the ConstructName function of JavascriptObject.cpp can contain null characters in between, leaving part of it uninitialized. This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.This...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen(CVE-2017-11906)
There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: ========================================= function go var r= ne...
CVE-2017-11906
creationtimestamp| type| source ---|---|--- 2017-12-13 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=248 2017-12-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43372...
CVE-2017-11906
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to h...
Information disclosure
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 201...
Information disclosure
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due ...
CVE-2017-11906
Technical details about CVE-2017-11906 (affected products, root cause, impact, remediation) are not publicly provided in the supplied documents. Monitor for vendor advisories and updates.
CVE-2017-11887
CVE-2017-11906 is described across multiple sources as an information disclosure vulnerability in Microsoft Internet Explorer caused by improper handling of memory objects in the scripting engine. Affected software includes Internet Explorer on Windows platforms listed in the CVE description (Win...
KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update
The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...
KB4053581: Windows 10 December 2017 Security Update
The remote Windows host is missing security update 4053581. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file...
Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates
The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...
Security Updates for Internet Explorer (December 2017)
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corru...