MS15-066: Description of the security update for the VBScript 5.7 scripting engine: July 14, 2015

MS15-066: Description of the security update for the VBScript 5.7 scripting engine: July 14, 2015 Summary This security update resolves a vulnerability in the VBScript scripting engine in Windows. The vulnerability could allow remote code execution if a user goes to a specially crafted website. A...

MS11-031: Description of the security update for the JScript and VBScript v5.8 scripting engines: April 12, 2011

MS11-031: Description of the security update for the JScript and VBScript v5.8 scripting engines: April 12, 2011 INTRODUCTION Microsoft has released security bulletin MS11-031. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

MS16-003: Description of the security update for JScript 5.7 and VBScript 5.7: January 12, 2016

MS16-003: Description of the security update for JScript 5.7 and VBScript 5.7: January 12, 2016 Summary This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted...

MS14-011: Description of the security update for Visual Basic Scripting Edition (VBScript) 5.7: February 11, 2014

MS14-011: Description of the security update for Visual Basic Scripting Edition VBScript 5.7: February 11, 2014 INTRODUCTION Microsoft has released security bulletin MS14-011. To view the complete security bulletin, go to one of the following Microsoft websites: Home...

MS11-009: Vulnerability in JScript and VBScript scripting engines could allow remote code execution

MS11-009: Vulnerability in JScript and VBScript scripting engines could allow remote code execution INTRODUCTION Microsoft has released security bulletin MS11-009. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...

VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read

VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to...

VBScript RegExpComp::PnodeParse Out-Of-Bounds Read

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...

VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read

!-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able t...

Internet Explorer 8-11, IIS, CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialize

A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsof...

VBScript CRegExp::Execute Uninitialized Memory Use

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the fifth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161107001.html. There you can find a repro th...

Microsoft Internet Explorer 891011 IIS CScript.exeWScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080MS14-084)

Microsoft Internet Explorer 891011 IIS CScript.exeWScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory MS14-080MS14-084 !-- Source: http://blog.skylined.nl/20161107001.html Synopsis A specially crafted script can cause the VBScript engine to access data before initializing it. An...

Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

!-- Source: http://blog.skylined.nl/20161107001.html Synopsis A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and...

MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)

The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability in the Microsoft OLE Automation mechanism and the VBScript Scripting Engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this...

CVE-2016-3375

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...

Memory corruption

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...

CVE-2016-3375

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...

Microsoft VBScript Scripting Engine OLE Automation Memory Corruption Vulnerability (3188724)

This host is missing a critical security update according to Microsoft Bulletin MS16-116 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Fixes 47 Vulnerabilities with September Patch Tuesday

Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today. The company is warning users that if left unpatched, 10 of the issues can lead to remote execution. The updates resolve issues in Microsoft Windows, Office, Office...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the contex...