Microsoft Windows Multiple Vulnerabilities (KB4471318)

This host is missing a critical security update according to Microsoft KB4471318 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4471324)

This host is missing a critical security update according to Microsoft KB4471324 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4471327)

This host is missing a critical security update according to Microsoft KB4471327 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-8625

CVE-2018-8625 is an remote-code-execution vulnerability in the Windows VBScript engine, triggered by how VBScript objects are handled in memory. It affects Internet Explorer 9, 10, and 11. Public references in the connected data indicate active exploitation, with a documented exploit listed in Ex...

Internet Explorer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges the permissions of the curre...

KLA11884 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

KLA11388 Multiple vulnerabilities in Microsoft Browsers

Multiple serious vulnerabilities were found in Microsoft Browsers Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially craft...

KB4471328: Windows 7 and Windows Server 2008 R2 December 2018 Security Update

The remote Windows host is missing security update 4471328 or cumulative update 4471318. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploit...

KB4471326: Windows Server 2012 December 2018 Security Update

The remote Windows host is missing security update 4471326 or cumulative update 4471330. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploit...

Microsoft Internet Explorer VBScript Engine CVE-2018-8619 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...

KB4471319: Windows Server 2008 December 2018 Security Update

The remote Windows host is missing security update 4471319 or cumulative update 4471325. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific...

Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free

vbscript: use-after-free in OLEAUT32!VariantClear and scrrun!VBADictionary::putItem CVE-2018-8544 There is a use-after-free vulnerability possibly two vulnerabilities triggerable by the same PoC, see below in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows...

VBScript - rtFilter Out-of-Bounds Read

VBScript - rtFilter Out-of-Bounds Read On Error Resume Next Class class1 Public Default Property Get x ReDim arr1 End Property End Class set c = new class1 arr = Array"b", "b", "a", "a", c Call Filterarr, "a" !-- ===============================================================================...

VBScript - 'rtFilter' Out-of-Bounds Read

On Error Resume Next Class class1 Public Default Property Get x ReDim arr1 End Property End Class set c = new class1 arr = Array"b", "b", "a", "a", c Call Filterarr, "a" !-- =============================================================================== Preliminary Analysis: The rtFilter function...

VBScript - OLEAUT32!VariantClear and scrrun!VBADictionary::put_Item Use-After-Free

VBScript - OLEAUT32!VariantClear and scrrun!VBADictionary::putItem Use-After-Free Class class2 Private Sub ClassTerminate var17.RemoveAll End Sub End Class Set var17 = CreateObject"Scripting.Dictionary" Set var17.Item"foo" = new class2 var17.Item"foo" = 1 !--...

Microsoft VBScript rtFilter Out-Of-Bounds Read

vbscript: out-of-bounds read in rtFilter CVE-2018-8552 There is an out-of-bounds vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. PoC: Note that Page Heap might need to be enabled to observe the crash...

Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free

vbscript: use-after-free in OLEAUT32!VariantClear and scrrun!VBADictionary::putItem CVE-2018-8544 There is a use-after-free vulnerability possibly two vulnerabilities triggerable by the same PoC, see below in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows...

VBScript - 'OLEAUT32!VariantClear' and 'scrrun!VBADictionary::put_Item' Use-After-Free

Class class2 Private Sub ClassTerminate var17.RemoveAll End Sub End Class Set var17 = CreateObject"Scripting.Dictionary" Set var17.Item"foo" = new class2 var17.Item"foo" = 1 !-- =============================================================================== Preliminary Analysis: 1st issue: In...

Microsoft Windows VBScript Class_Terminate Scripting.Dictionary Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows VBScript Engine Remote Code Execution Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. The Windows VBScript engine is one of the VBScript scripting language engines. Microsoft Windows is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute...