MS15-019: Vulnerability in VBScript Scripting Engine could allow remote code execution: March 10, 2015

Resolves a vulnerability in the VBScript scripting engine in Windows that could allow remote code execution if a user visits a specially crafted website.SummaryThis security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote...

MS15-019: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3040297)

The VBScript scripting engine installed on the remote Windows host is affected by a remote code execution vulnerability due to improper handling of objects in memory. A remote attacker can exploit this issue by convincing a user to visit a specially crafted website or open a specially crafted...

MS15-019: Description of the security update for VBScript 5.8 Scripting Engine: March 10, 2015

Resolves a vulnerability in the VBScript scripting engine in Windows that could allow remote code execution if a user visits a specially crafted website.SummaryThis security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote...

Joyent Node.js marked incomplete blacklist vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on Google V8 JavaScript engine on top of the platform. marked is one of the Markdown a lightweight markup language parser and compiler . An incomplete blacklist vulnerability exists in Joyent Node.js marked. A remo...

DEBIAN-CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting XSS attacks via a vbscript tag in a link...

UBUNTU-CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting XSS attacks via a vbscript tag in a link...

CVE-2015-1370

CVE-2015-1370 affects the marked library (versions 0.3.2 and earlier) used with Node.js. The root cause is an incomplete blacklist that allows cross-site scripting via a vbscript tag in a link, enabling remote XSS. Public references (GHSA, OSV, NVD, CNVD) corroborate the issue and advise upgradin...

CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting XSS attacks via a vbscript tag in a link...

CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting XSS attacks via a vbscript tag in a link...

HTML Containing Malicious VBScript Encoding

Certain VBScript obfuscation schemes can be used to circumvent security software. These methods could allow attackers to execute arbitrary code on the target machine...

Microsoft Windows multiple security vulnerabilities

Multiple Internet Explorer vulnerabilities, VBScript Scripting Engine code execution, graphics system JPEG parsing information leakage...

MS14-080: Description of the security update for VBScript 5.8: January 13, 2015

Describes an update package that contains VBScript 5.8 updates for Internet Explorer 10. Apply this update package after you install the December cumulative security update for Internet Explorer.SummaryThis package contains the VBScript 5.8 updates that are intended for Internet Explorer 10 in a...

CVE-2014-6363

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "VBScript Memory Corruption Vulnerability."...

Memory corruption

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "VBScript Memory Corruption Vulnerability."...

CVE-2014-6363

CVE-2014-6363 affects the Microsoft VBScript engine (versions 5.6–5.8) used with Internet Explorer and other products. The issue is a memory corruption vulnerability in VBScript CRegExp/engine handling that can allow remote code execution when a user visits a crafted web page. Exploitation is evi...

Microsoft Windows VBScript Remote Code Execution Vulnerability (3016711)

This host is missing a critical security update according to Microsoft Bulletin MS14-084. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

December 2014 Microsoft Patch Tuesday Security Bulletins

Microsoft exits 2014 the way it came in to the year, with a relatively quiet set of Patch Tuesday security bulletins. As promised last week, Microsoft released seven bulletins today, three of them rated critical, meaning the chance of exploit and remote code execution is high. Microsoft also...

MS14-084: Description of the security update for VBScript 5.8: December 9, 2014

Resolves a vulnerability in the VBScript scripting engine in Microsoft Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.INTRODUCTIONMicrosoft h...

KLA10605 Code execution vulnerability in Microsoft VBScript

An unspecified vulnerabilities were found in Microsoft VBScript engine. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed web site. Original advisories CVE-2014-6363 CVE-2014-0271 Exploitation...

Microsoft VBScript CVE-2014-6363 Remote Code Execution Vulnerability

Description Microsoft VBScript is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...