Core Windows Utility Can Be Used to Bypass AppLocker

A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker. A researcher who requested anonymity found and privately disclosed the issue to...

PowerShell used for spreading Trojan.Laziok through Google Docs

Introduction Through our multi-flow detection capability, we recently identified malicious actors spreading Trojan.Laziok malware via Google Docs. We observed that the attackers managed to upload the payload to Google Docs in March 2016. During the brief time it was live, users accessing the...

GongDa vs. Korean News

On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit EK, potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful...

GongDa vs. Korean News

On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit EK, potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful...

GitLab: Markdown based stored XSS (IE only)

Hello, My other report 116697 deals with any browser even through its not a direct XSS as it doesn't execute in the context of the site. But here is another type of XSS using vbscript: which affects only IE users but executes on the context of the site check the screenshot for POC...

Maimed Ramnit Still Lurking in the Shadow

Newspapers have the ability to do more than simply keep us current with worldly affairs; we can use them to squash bugs! Yet, as we move from waiting on the newspaper delivery boy to reading breaking news on ePapers, we lose the subtle art of bug squashing. Instead, we end up exposing ourselves t...

CVE-2016-0002

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

Memory corruption

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

CVE-2016-0002

Technical details for CVE-2016-0002 are not publicly available in the provided connected documents. Monitor for updates.

Microsoft Windows JScript and VBScript Remote Code Execution Vulnerability (3125540)

This host is missing a critical security update according to Microsoft Bulletin MS16-003. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

End of Life for Internet Explorer 8, 9 and 10

Microsoft has started the year with an announcement that, effective Jan. 12, 2016, support for all older versions of Internet Explorer IE will come to an end known as an EoL, or End of Life. The affected versions are Internet Explorer 7, 8, 9, and 10. What this means for users is that Microsoft...

Microsoft VBScript CVE-2016-0002 Remote Memory Corruption Vulnerability

Description Microsoft VBScript is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can take advantage of this vulnerability to execute arbitrary code in the context of the currently...

KLA10739 Code execution vulnerability in Microsoft VBScript

Improper memory objects handling was found in Microsoft VBScript. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed web content. Technical details To mitigate this vulnerability you can restrict acces...

MS16-003: Cumulative security update for JScript and VBScript to address remote code execution: January 12, 2016

Resolves a vulnerability in the VBScript scripting engine in Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user and then install programs or creat...

MS16-003: Description of the security update for JScript 5.8 and VBScript 5.8: January 12, 2016

Resolves a vulnerability in the VBScript scripting engine in Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user and then install programs, create...

MS16-003: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540)

The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the VBScript engine due to improper handling of objects in memory. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website or...

Microsoft VBScript和JScript脚本引擎信息泄露漏洞（CVE-2015-6135）

No description provided by source...

Microsoft VBScript和JScript脚本引擎内存破坏漏洞(CVE-2015-6136)

No description provided by source...

Microsoft released 1 2 on a major security bug fix patch-bug warning-the black bar safety net

On Tuesday Microsoft announced that as part of its monthly security Bulletin part of all Windows users should update theiroperating system, the prevention from at least two major vulnerabilities. MS15-1 2 8 patched a series of memory crash vulnerability, the latter so that the hacker can install...

CVE-2015-6136

The Microsoft 1 VBScript 5.7 and 5.8 and 2 JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...