Lucene search
K

16 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.21 views

ChakraCore RCE Vulnerability

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.4AI score0.6546EPSS
Exploits3References8Affected Software1
Veracode
Veracode
added 2018/07/04 7:53 a.m.40 views

Remote Code Execution (RCE) Via Memory Corruption

microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

7.5CVSS8AI score0.68491EPSS
Exploits25References4Affected Software2
seebug.org
seebug.org
added 2017/12/20 12:0 a.m.72 views

Windows: heap overflow in jscript.dll in Array.sort(CVE-2017-11907)

There is an heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. PoC for IE note: page heap might be required to obsorve the crash: var vars = new Array100; var arr = new Array1000;...

7.6CVSS8.2AI score0.64164EPSS
Exploits4
Prion
Prion
added 2017/12/12 9:29 p.m.14 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.13 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.27 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.6AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.6CVSS7.5AI score0.68491EPSS
Exploits25References3Affected Software2
Cvelist
Cvelist
added 2017/12/12 9:0 p.m.29 views

CVE-2017-11907

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.8AI score0.64164EPSS
Exploits4References4
Check Point Advisories
Check Point Advisories
added 2017/12/12 12:0 a.m.3 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11907)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object in memory. A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page...

7.6CVSS7.9AI score0.64164EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.108 views

Windows 7 and Windows Server 2008 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

8.5CVSS7.9AI score0.64164EPSS
Exploits22References17
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.250 views

KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update

The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

9.8CVSS7.9AI score0.68491EPSS
Exploits38References26
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.77 views

Security Updates for Internet Explorer (December 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corru...

7.6CVSS7.7AI score0.64164EPSS
Exploits16References17
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.107 views

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

8.5CVSS7.9AI score0.64164EPSS
Exploits22References17
Rows per page
Query Builder