Microsoft Windows Server 2025 jscript.dll Use-After-Free
The exploit targets a use-after-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025...
EUVD-2006-3295
Malware in sbrugna...
Microsoft Internet Explorer jscript.dll Use After Free (CVE-2019-1429)
A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (ADV200001)
This host is missing a critical security update according to Microsoft advisory ADV200001. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug (CVE-2020-0674), which is listed as critical in severity for IE 11, and moderate for IE...
Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch ye...
PT-2020-1389 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 9 through 11 Description: A remote code execution issue exists due to incorrect handling of objects in memory by the scripting engine in Internet Explorer. This could allow an attacker to execute arbitrary code in t...
Microsoft Internet Explorer Scripting Engine memory corruption vulnerability
Overview The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages...
October 8, 2019—KB4520011 (OS Build 10240.18368)
October 8, 2019—KB4520011 (OS Build 10240.18368) For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer and Microsoft Edge...
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when sorting an array with a provided comparison function. One of its...
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when...
Windows: use-after-free in jscript!NameTbl::GetValDef (CVE-2017-11903)
There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim. This works...
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen (CVE-2017-11906)
There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE (note: page heap might be required to observe the crash): function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...
Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD (CVE-2017-11890)
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim. Th...
Windows: heap overflow in jscript.dll in Array.sort (CVE-2017-11907)
There is a heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. PoC for IE (note: page heap might be required to observe the crash): var vars = new Array100; var arr = new Array1000;...
Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10
Google’s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems. The attack is a variation of a WPAD/PAC attack. In Project Zero’s case, the...
Microsoft Windows jscript!JsArraySlice Uninitialized Variable Exploit
Exploit for windows platform in category dos / poc Windows: Uninitialized variable in jscript!JsArraySlice (CVE-2017-11855) There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in...
Microsoft Windows - jscript.dll Array.sort Heap Overflow
Microsoft Windows - jscript.dll Array.sort Heap Overflow var vars = new Array100; var arr = new Array1000; forvar i=1;i !-- ========================================= Technical details: Array.sort is implemented in JsArraySort which, depending if a comparison function was specified or not, calls...
Microsoft Windows - jscript.dll 'Array.sort' Heap Overflow
var vars = new Array100; var arr = new Array1000; forvar i=1;i !-- ========================================= Technical details: Array.sort is implemented in JsArraySort which, depending if a comparison function was specified or not, calls JsArrayStringHeapSort or JsArrayFunctionHeapSort. These...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read Exploit
Exploit for windows platform in category dos / poc Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen (CVE-2017-11906) There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE (note: page heap might be required to observe the crash):...