Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2011-04-13 |
Product | Vbscript | Last view | 2016-06-15 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2016-06-15 | CVE-2016-3207 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206. |
7.5 | 2016-06-15 | CVE-2016-3206 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207. |
7.5 | 2016-06-15 | CVE-2016-3205 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. |
7.5 | 2016-06-15 | CVE-2016-3202 | The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
7.5 | 2016-05-10 | CVE-2016-0189 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. |
7.5 | 2016-05-10 | CVE-2016-0187 | The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0189. |
7.5 | 2016-01-13 | CVE-2016-0002 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
9.3 | 2015-12-09 | CVE-2015-6136 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
5 | 2015-12-09 | CVE-2015-6135 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." |
9.3 | 2015-11-11 | CVE-2015-6089 | The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
4.3 | 2015-10-13 | CVE-2015-6059 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." |
9.3 | 2015-10-13 | CVE-2015-6056 | The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
9.3 | 2015-10-13 | CVE-2015-6055 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability." |
4.3 | 2015-10-13 | CVE-2015-6052 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." |
9.3 | 2015-10-13 | CVE-2015-2482 | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability." |
9.3 | 2015-07-14 | CVE-2015-2372 | vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." |
4.3 | 2015-05-13 | CVE-2015-1686 | The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." |
4.3 | 2015-05-13 | CVE-2015-1684 | VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass." |
9.3 | 2015-03-11 | CVE-2015-0032 | vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." |
9.3 | 2014-12-10 | CVE-2014-6363 | vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." |
9.3 | 2014-02-11 | CVE-2014-0271 | The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." |
9.3 | 2012-08-14 | CVE-2012-2523 | Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." |
9.3 | 2011-04-13 | CVE-2011-0663 | Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
51% (14) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
18% (5) | CWE-200 | Information Exposure |
14% (4) | CWE-20 | Improper Input Validation |
7% (2) | CWE-399 | Resource Management Errors |
7% (2) | CWE-189 | Numeric Errors |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:12673 | Scripting Memory Reallocation Vulnerability |
oval:org.mitre.oval:def:15790 | JavaScript Integer Overflow Remote Code Execution Vulnerability - MS12-052 an... |
oval:org.mitre.oval:def:22065 | VBScript Memory Corruption Vulnerability (CVE-2014-0271) - MS14-010, MS14-011 |
oval:org.mitre.oval:def:28368 | Internet Explorer memory corruption vulnerability - CVE-2014-6363 (MS14-080) |
oval:org.mitre.oval:def:28797 | VBScript memory corruption vulnerability - CVE-2015-0032 (MS15-019) |
oval:org.mitre.oval:def:28867 | VBScript memory corruption vulnerability - CVE-2015-1684 (MS15-043 and MS15-053) |
oval:org.mitre.oval:def:28745 | VBScript and JScript ASLR bypass vulnerability - CVE-2015-1686 (MS15-043 and ... |
oval:org.mitre.oval:def:28938 | VBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
71774 | Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Ove... |
OpenVAS Exploits
id | Description |
---|---|
2012-08-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2722913) File : nvt/secpod_ms12-052.nasl |
2012-08-15 | Name : Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2... File : nvt/secpod_ms12-056.nasl |
2011-04-13 | Name : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulner... File : nvt/secpod_ms11-031.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0166 | Microsoft VBScript Memory Corruption Vulnerability (MS15-066) Severity: Category II - VMSKEY: V0061127 |
2015-A-0110 | Microsoft VBScript ASLR Security Bypass Vulnerabilities (MS15-053) Severity: Category II - VMSKEY: V0060657 |
2014-A-0025 | Microsoft VBScript Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0044034 |
2012-A-0130 | Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0033654 |
2011-A-0048 | Microsoft Windows Scripting Memory Reallocation Vulnerability Severity: Category II - VMSKEY: V0026526 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-09-06 | Microsoft VBScript engine RegExp information disclosure attempt RuleID : 43818 - Type : OS-WINDOWS - Revision : 3 |
2017-09-06 | Microsoft VBScript engine RegExp information disclosure attempt RuleID : 43817 - Type : OS-WINDOWS - Revision : 2 |
2017-09-06 | Microsoft VBScript engine RegExp information disclosure attempt RuleID : 43816 - Type : OS-WINDOWS - Revision : 3 |
2017-09-06 | Microsoft VBScript engine RegExp information disclosure attempt RuleID : 43815 - Type : OS-WINDOWS - Revision : 2 |
2017-08-15 | Microsoft Internet Explorer type confusion attempt RuleID : 43580 - Type : BROWSER-IE - Revision : 3 |
2017-08-15 | Microsoft Internet Explorer type confusion attempt RuleID : 43579 - Type : BROWSER-IE - Revision : 3 |
2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43072 - Type : BROWSER-IE - Revision : 1 |
2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43071 - Type : BROWSER-IE - Revision : 1 |
2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43070 - Type : BROWSER-IE - Revision : 1 |
2017-07-04 | Microsoft Internet Explorer vbscript regular expression information disclosur... RuleID : 43069 - Type : BROWSER-IE - Revision : 1 |
2016-08-23 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 39681 - Type : BROWSER-IE - Revision : 2 |
2016-08-23 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 39680 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer scripting engine buffer overflow attempt RuleID : 39237 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer scripting engine buffer overflow attempt RuleID : 39236 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer VBScript out of bounds memory access remote code ... RuleID : 39212 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer VBScript out of bounds memory access remote code ... RuleID : 39211 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer vbscript csession close use after free attempt RuleID : 39202 - Type : BROWSER-IE - Revision : 2 |
2016-07-13 | Microsoft Internet Explorer vbscript csession close use after free attempt RuleID : 39201 - Type : BROWSER-IE - Revision : 2 |
2016-06-14 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 38842 - Type : BROWSER-IE - Revision : 2 |
2016-06-14 | Microsoft Internet Explorer VBScript toString redim array use after free attempt RuleID : 38841 - Type : BROWSER-IE - Revision : 3 |
2016-06-09 | Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af... RuleID : 38829 - Type : BROWSER-IE - Revision : 2 |
2016-06-09 | Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af... RuleID : 38828 - Type : BROWSER-IE - Revision : 2 |
2016-04-26 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 38309 - Type : BROWSER-IE - Revision : 2 |
2016-04-26 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 38308 - Type : BROWSER-IE - Revision : 2 |
2016-03-14 | Microsoft Internet Explorer VBScript engine use after free attempt RuleID : 37284 - Type : BROWSER-IE - Revision : 3 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2016-06-14 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms16-069.nasl - Type: ACT_GATHER_INFO |
2016-06-14 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-068.nasl - Type: ACT_GATHER_INFO |
2016-06-14 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-063.nasl - Type: ACT_GATHER_INFO |
2016-05-10 | Name: The remote Windows host is affected by multiple remote code execution vulnera... File: smb_nt_ms16-053.nasl - Type: ACT_GATHER_INFO |
2016-05-10 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-051.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms16-003.nasl - Type: ACT_GATHER_INFO |
2016-01-12 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms16-001.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms15-126.nasl - Type: ACT_GATHER_INFO |
2015-12-08 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-124.nasl - Type: ACT_GATHER_INFO |
2015-11-10 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-112.nasl - Type: ACT_GATHER_INFO |
2015-10-13 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-108.nasl - Type: ACT_GATHER_INFO |
2015-10-13 | Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-106.nasl - Type: ACT_GATHER_INFO |
2015-07-15 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-065.nasl - Type: ACT_GATHER_INFO |
2015-07-14 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms15-066.nasl - Type: ACT_GATHER_INFO |
2015-05-12 | Name: The remote Windows host is affected by security feature bypass vulnerabilities. File: smb_nt_ms15-053.nasl - Type: ACT_GATHER_INFO |
2015-05-12 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-043.nasl - Type: ACT_GATHER_INFO |
2015-03-10 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms15-019.nasl - Type: ACT_GATHER_INFO |
2015-03-10 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms15-018.nasl - Type: ACT_GATHER_INFO |
2014-12-09 | Name: Arbitrary code can be executed on the remote host through the installed VBScr... File: smb_nt_ms14-084.nasl - Type: ACT_GATHER_INFO |
2014-12-09 | Name: The remote host has a web browser installed that is affected by multiple vuln... File: smb_nt_ms14-080.nasl - Type: ACT_GATHER_INFO |
2014-02-12 | Name: Arbitrary code can be executed on the remote host through the installed VBScr... File: smb_nt_ms14-011.nasl - Type: ACT_GATHER_INFO |
2014-02-12 | Name: The remote host has a web browser that is affected by multiple vulnerabilities. File: smb_nt_ms14-010.nasl - Type: ACT_GATHER_INFO |
2012-08-15 | Name: Arbitrary code can be executed on the remote host through the installed JScri... File: smb_nt_ms12-056.nasl - Type: ACT_GATHER_INFO |
2012-08-15 | Name: The remote host is affected by code execution vulnerabilities. File: smb_nt_ms12-052.nasl - Type: ACT_GATHER_INFO |
2011-04-13 | Name: Arbitrary code can be executed on the remote host through the installed JScri... File: smb_nt_ms11-031.nasl - Type: ACT_GATHER_INFO |