Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2011-04-13 |
| Product | Jscript | Last view | 2016-06-15 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2016-06-15 | CVE-2016-3207 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206. |
| 7.5 | 2016-06-15 | CVE-2016-3206 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207. |
| 7.5 | 2016-06-15 | CVE-2016-3205 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. |
| 7.5 | 2016-06-15 | CVE-2016-3202 | The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| 7.5 | 2016-05-10 | CVE-2016-0189 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. |
| 7.5 | 2016-05-10 | CVE-2016-0187 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0189. |
| 7.5 | 2016-01-13 | CVE-2016-0002 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| 9.3 | 2015-12-09 | CVE-2015-6136 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| 5 | 2015-12-09 | CVE-2015-6135 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." |
| 9.3 | 2015-11-11 | CVE-2015-6089 | The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| 4.3 | 2015-10-13 | CVE-2015-6059 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." |
| 9.3 | 2015-10-13 | CVE-2015-6056 | The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| 9.3 | 2015-10-13 | CVE-2015-6055 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability." |
| 4.3 | 2015-10-13 | CVE-2015-6052 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." |
| 9.3 | 2015-10-13 | CVE-2015-2482 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability." |
| 9.3 | 2012-08-14 | CVE-2012-2523 | Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." |
| 9.3 | 2011-04-13 | CVE-2011-0663 | Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 57% (12) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 19% (4) | CWE-20 | Improper Input Validation |
| 14% (3) | CWE-200 | Information Exposure |
| 9% (2) | CWE-189 | Numeric Errors |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:12673 | Scripting Memory Reallocation Vulnerability |
| oval:org.mitre.oval:def:15790 | JavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 an... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 71774 | Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Ove... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-08-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2722913) File : nvt/secpod_ms12-052.nasl |
| 2012-08-15 | Name : Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2... File : nvt/secpod_ms12-056.nasl |
| 2011-04-13 | Name : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulner... File : nvt/secpod_ms11-031.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-A-0130 | Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0033654 |
| 2011-A-0048 | Microsoft Windows Scripting Memory Reallocation Vulnerability Severity: Category II - VMSKEY: V0026526 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43072 - Type : BROWSER-IE - Revision : 1 |
| 2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43071 - Type : BROWSER-IE - Revision : 1 |
| 2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43070 - Type : BROWSER-IE - Revision : 1 |
| 2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43069 - Type : BROWSER-IE - Revision : 1 |
| 2016-08-23 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 39681 - Type : BROWSER-IE - Revision : 2 |
| 2016-08-23 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 39680 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer scripting engine buffer overflow attempt RuleID : 39237 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer scripting engine buffer overflow attempt RuleID : 39236 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer VBScript out of bounds memory access remote code ... RuleID : 39212 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer VBScript out of bounds memory access remote code ... RuleID : 39211 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer vbscript csession close use after free attempt RuleID : 39202 - Type : BROWSER-IE - Revision : 2 |
| 2016-07-13 | Microsoft Internet Explorer vbscript csession close use after free attempt RuleID : 39201 - Type : BROWSER-IE - Revision : 2 |
| 2016-06-14 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 38842 - Type : BROWSER-IE - Revision : 2 |
| 2016-06-14 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 38841 - Type : BROWSER-IE - Revision : 3 |
| 2016-06-09 | Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af... RuleID : 38829 - Type : BROWSER-IE - Revision : 2 |
| 2016-06-09 | Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af... RuleID : 38828 - Type : BROWSER-IE - Revision : 2 |
| 2016-04-26 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 38309 - Type : BROWSER-IE - Revision : 2 |
| 2016-04-26 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 38308 - Type : BROWSER-IE - Revision : 2 |
| 2016-03-14 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 37284 - Type : BROWSER-IE - Revision : 3 |
| 2016-03-14 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 37283 - Type : BROWSER-IE - Revision : 4 |
| 2016-03-14 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 36923 - Type : BROWSER-IE - Revision : 7 |
| 2016-03-14 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 36922 - Type : BROWSER-IE - Revision : 7 |
| 2016-03-14 | Microsoft Internet Explorer CElement JSON write-what-where attempt RuleID : 36754 - Type : BROWSER-IE - Revision : 3 |
| 2016-03-14 | Microsoft Internet Explorer CElement JSON write-what-where attempt RuleID : 36753 - Type : BROWSER-IE - Revision : 3 |
| 2016-03-14 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 36459 - Type : BROWSER-IE - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-06-14 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-063.nasl - Type: ACT_GATHER_INFO |
| 2016-06-14 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-068.nasl - Type: ACT_GATHER_INFO |
| 2016-06-14 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms16-069.nasl - Type: ACT_GATHER_INFO |
| 2016-05-10 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-051.nasl - Type: ACT_GATHER_INFO |
| 2016-05-10 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms16-053.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-001.nasl - Type: ACT_GATHER_INFO |
| 2016-01-12 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms16-003.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-124.nasl - Type: ACT_GATHER_INFO |
| 2015-12-08 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-126.nasl - Type: ACT_GATHER_INFO |
| 2015-11-10 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-112.nasl - Type: ACT_GATHER_INFO |
| 2015-10-13 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-106.nasl - Type: ACT_GATHER_INFO |
| 2015-10-13 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-108.nasl - Type: ACT_GATHER_INFO |
| 2012-08-15 | Name: The remote host is affected by code execution vulnerabilities. File: smb_nt_ms12-052.nasl - Type: ACT_GATHER_INFO |
| 2012-08-15 | Name: Arbitrary code can be executed on the remote host through the installed JScri... File: smb_nt_ms12-056.nasl - Type: ACT_GATHER_INFO |
| 2011-04-13 | Name: Arbitrary code can be executed on the remote host through the installed JScri... File: smb_nt_ms11-031.nasl - Type: ACT_GATHER_INFO |
