This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2011-04-13
Product Jscript Last view 2016-06-15
Version 5.8 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:jscript

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2016-06-15 CVE-2016-3207

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.

7.5 2016-06-15 CVE-2016-3206

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.

7.5 2016-06-15 CVE-2016-3205

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.

7.5 2016-05-10 CVE-2016-0189

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

7.5 2016-05-10 CVE-2016-0187

The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0189.

7.5 2016-01-13 CVE-2016-0002

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6136

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

5 2015-12-09 CVE-2015-6135

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

4.3 2015-10-13 CVE-2015-6059

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

9.3 2015-10-13 CVE-2015-6055

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability."

4.3 2015-10-13 CVE-2015-6052

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

9.3 2015-10-13 CVE-2015-2482

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability."

9.3 2012-08-14 CVE-2012-2523

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."

9.3 2011-04-13 CVE-2011-0663

Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

CWE : Common Weakness Enumeration

%idName
52% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17% (3) CWE-200 Information Exposure
17% (3) CWE-20 Improper Input Validation
11% (2) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
71774 Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Ove...

OpenVAS Exploits

id Description
2012-08-15 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2722913)
File : nvt/secpod_ms12-052.nasl
2012-08-15 Name : Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability (2...
File : nvt/secpod_ms12-056.nasl
2011-04-13 Name : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulner...
File : nvt/secpod_ms11-031.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0130 Microsoft JScript and VBScript Engines Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0033654
2011-A-0048 Microsoft Windows Scripting Memory Reallocation Vulnerability
Severity: Category II - VMSKEY: V0026526

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43072 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43071 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43070 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43069 - Type : BROWSER-IE - Revision : 1
2016-08-23 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 39681 - Type : BROWSER-IE - Revision : 2
2016-08-23 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 39680 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer scripting engine buffer overflow attempt
RuleID : 39237 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer scripting engine buffer overflow attempt
RuleID : 39236 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer VBScript out of bounds memory access remote code ...
RuleID : 39212 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer VBScript out of bounds memory access remote code ...
RuleID : 39211 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer vbscript csession close use after free attempt
RuleID : 39202 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer vbscript csession close use after free attempt
RuleID : 39201 - Type : BROWSER-IE - Revision : 2
2016-06-14 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 38842 - Type : BROWSER-IE - Revision : 2
2016-06-14 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 38841 - Type : BROWSER-IE - Revision : 3
2016-06-09 Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af...
RuleID : 38829 - Type : BROWSER-IE - Revision : 2
2016-06-09 Microsoft Internet Explorer BooleanProtoObj objects JSONStringifyArray use-af...
RuleID : 38828 - Type : BROWSER-IE - Revision : 2
2016-04-26 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 38309 - Type : BROWSER-IE - Revision : 2
2016-04-26 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 38308 - Type : BROWSER-IE - Revision : 2
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 37284 - Type : BROWSER-IE - Revision : 3
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 37283 - Type : BROWSER-IE - Revision : 4
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 36923 - Type : BROWSER-IE - Revision : 7
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 36922 - Type : BROWSER-IE - Revision : 7
2016-03-14 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 36459 - Type : BROWSER-IE - Revision : 3
2016-03-14 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 36458 - Type : BROWSER-IE - Revision : 3
2016-03-14 Microsoft Internet Explorer RegExp object use after free attempt
RuleID : 36451 - Type : BROWSER-IE - Revision : 5

Nessus® Vulnerability Scanner

id Description
2016-06-14 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-063.nasl - Type: ACT_GATHER_INFO
2016-06-14 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms16-069.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-051.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms16-053.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-001.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms16-003.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-124.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-126.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-106.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-108.nasl - Type: ACT_GATHER_INFO
2012-08-15 Name: The remote host is affected by code execution vulnerabilities.
File: smb_nt_ms12-052.nasl - Type: ACT_GATHER_INFO
2012-08-15 Name: Arbitrary code can be executed on the remote host through the installed JScri...
File: smb_nt_ms12-056.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: Arbitrary code can be executed on the remote host through the installed JScri...
File: smb_nt_ms11-031.nasl - Type: ACT_GATHER_INFO