VulnCheck KEV: CVE-2016-3206

The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

VulnCheck KEV: CVE-2017-0015

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

VulnCheck KEV: CVE-2017-0067

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)

The remote Windows host is missing a security update or a registry setting required to enable protections for CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability: - An information disclosure vulnerability exists when affected Microsoft scripting engines do not...

CVE-2017-0067

CVE-2017-0134 is a remote code execution flaw in the Microsoft Edge scripting engine, caused by memory handling issues when rendering objects in memory. The vulnerability could allow an attacker to execute arbitrary code in the context of the current user if the target is enticed to open a specia...

CVE-2017-0132

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An...

CVE-2017-0071

CVE-2017-0134 is tied to a remote code execution vulnerability in Microsoft Edge’s scripting engine, arising from how in-memory objects are handled. The checkpoint advisory CPAI-2018-0053 states that a remote, unauthenticated attacker could lure a user to a crafted page to trigger memory corrupti...

CVE-2017-0137

CVE-2017-0137 is described as a remote code execution vulnerability in the handling of objects in memory by Microsoft scripting engines used by Microsoft browsers. The vulnerability could allow an attacker to execute arbitrary code in the context of the current user with the same user rights; if ...

CVE-2017-0133

Technical details for CVE-2017-0133 are not present in the connected documents; the initial entry describes a remote code execution in Microsoft scripting engines, but no vendor/version/root-cause specifics are provided here. Monitor for updates.

CVE-2017-0132

CVE-2017-0134 is described in Connected doc CPAI-2018-0053 as a remote code execution vulnerability in Microsoft Edge’s scripting engine memory handling. The issue arises from how objects are rendered in memory, allowing an attacker to run arbitrary code in the context of the current user by conv...

CVE-2017-0150

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An...

CVE-2017-0136

CVE-2017-0134 is a remote code execution vulnerability in the Microsoft scripting engines used by Microsoft Edge/IE, caused by how objects in memory are handled by the scripting engine. The CPAI-2018-0053 advisory notes an exploit vector where a remote attacker could lure a user to open a special...

CVE-2016-3260

The Microsoft 1 JScript 9, 2 VBScript, and 3 Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memo...

CVE-2016-3204

The Microsoft 1 JScript 5.8 and 9 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...

CVE-2011-0663

Multiple integer overflows in the Microsoft 1 JScript 5.6 through 5.8 and 2 VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."...