Security feature bypass

The Microsoft 1 VBScript 5.6 through 5.8 and 2 JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."...

CVE-2015-1686

CVE-2015-1686 documents an ASLR bypass in Microsoft Internet Explorer's scripting engines: VBScript 5.6–5.8 and JScript 5.6–5.8 used in IE8–IE11 (and related products). The root cause is ASLR bypass capability within these engines when rendering a crafted web page, enabling potential arbitrary co...

CVE-2015-1686

The Microsoft 1 VBScript 5.6 through 5.8 and 2 JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."...

Microsoft Windows JScript & VBScript Security Bypass Vulnerability (3057263)

This host is missing an important security update according to Microsoft Bulletin MS15-053. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Internet Explorer Memory Corruption (MS15-043: CVE-2015-1686)

A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to JScript and VBScript engines not using Address Space Layout Randomization ASLR security feature when rendered in Internet Explorer. A remote attacker can exploit this issue by...

Microsoft Windows VBScript Regular Expression Information Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how VBScript...

Microsoft VBScript CVE-2015-1684 ASLR Security Bypass Vulnerability

Description Microsoft VBScript is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0....

Microsoft VBScript and JScript CVE-2015-1686 ASLR Security Bypass Vulnerability

Description Microsoft VBScript and JScript are prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code by exploiting another vulnerability in the application. Technologies Affected Avaya CallPilot 4.0 Avaya...

MS15-053: Vulnerabilities in JScript and VBScript scripting engines could allow security feature bypass: May 12, 2015

This security update resolves ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows.SummaryThis security update resolves address space layout randomization ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows...

Microsoft Windows multiple security vulnerabilities

Multiple Internet Explorer vulnerabilities, VBScript engine, graphics, HTTP.sys vulnerabilities, privilege escalation, code execution, restrictions bypass, information disclosure, DoS...

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3038314)

This host is missing a critical security update according to Microsoft Bulletin MS15-032. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Acunetix 9.5 - OLE Automation Array Remote Code Execution

Acunetix 9.5 - OLE Automation Array Remote Code Execution !/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version: acunetix.exe Video:...

Internet Explorer DHTML Object Memory Corruption (MS05-020) - Ver2 (CVE-2005-0553)

The Microsoft Internet Explorer application is primarily used for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. This application has a built in functionality to interpret JavaScript and VBScript code. It is also capable of using the Document...

Dridex Campaign Evades Detection with AutoClose Function

Pushers of the Dridex banking malware have gone old-school for some time now, moving the malware through phishing messages executed by macros in Microsoft Office documents. While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social...

CVE-2015-0032

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "VBScript Memory Corruption Vulnerability."...

CVE-2015-0032

CVE-2015-0032 affects the Microsoft VBScript engine (versions 5.6–5.8) used with Internet Explorer 8–11. The memory-corruption vulnerability allows remote code execution or a DoS when a user visits a crafted website, due to how VBScript handles objects in memory. Affected products include Windows...

Microsoft Windows VBScript Remote Code Execution Vulnerability (3040297)

This host is missing a critical security update according to Microsoft Bulletin MS15-019. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

KLA10471 Multiple vulnerabilities in VBScript engine

An unspecified vulnerability was found in VBScript engine. By exploiting this vulnerability malicious users execute arbitrary code or cause denial of service. This vulnerability can be exploited remotely via a specially designed web site. Original advisories Microsoft advisory CVE-2015-0032 Relat...

Microsoft VBScript CVE-2015-0032 Remote Code Execution Vulnerability

Description Microsoft VBScript is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...

Microsoft Internet Explorer Memory Corruption (MS15-018: CVE-2015-0032)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way that the VBScript engine handles objects in memory when rendered in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafte...