2820 matches found
Microsoft Edge Scripting Engine Information Disclosure (CVE-2019-0990)
An information disclosure vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
KB4503290: Windows 8.1 and Windows Server 2012 R2 June 2019 Security Update
The remote Windows host is missing security update 4503290 or cumulative update 4503276. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Event Viewer eventvwr.msc when it improperly parses XML input containing a reference to...
KB4503291: Windows 10 June 2019 Security Update
The remote Windows host is missing security update 4503291. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this...
CVE-2019-12554
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function provided by the scripting engine allows an attacker to cause a denial of service by crashing the application...
CVE-2019-12553
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function provided by the scripting engine allows an attacker to overwrite arbitrary memory, which could lead to code execution...
CVE-2019-12555
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function provided by the scripting engine allows an attacker to cause a denial of service by crashing the application...
CVE-2019-12554
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function provided by the scripting engine allows an attacker to cause a denial of service by crashing the application...
Input validation
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function provided by the scripting engine allows an attacker to overwrite arbitrary memory, which could lead to code execution...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Exploit
Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Where to write End Property End Class Sub TriggerWritewhere, val Dim v1 Set v1 =...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Wher...
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
Exploit Title: Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Date: 03/2019 Author: Simon Zuckerbraun Vendor: https://www.microsoft.com/ Version: February 2019 patch level Tested on: Windows 10 1809 17763.316 CVE: CVE-2019-0752 Content Dim ar1&h3000000...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to the way the ChakraCore scripting engine handles objects in memory which could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...
Remote Code Execution (RCE)
ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...
Remote Code Execution (RCE)
ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...
Microsoft Internet Explorer Buffer Overflow Vulnerability
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. A buffer overflow vulnerability exists in the way the scripting engine handles memory objects in Microsoft Internet Explorer 9, 10, and 11. The vulnerability originate...
CVE-2019-0927
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
CVE-2019-0923
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
CVE-2019-0925
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
CVE-2019-0933
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...
CVE-2019-0937
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916...