This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2011-04-13
Product Vbscript Last view 2016-06-15
Version 5.7 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:vbscript

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2016-06-15 CVE-2016-3207

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.

7.5 2016-06-15 CVE-2016-3206

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.

7.5 2016-06-15 CVE-2016-3205

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.

7.5 2016-05-10 CVE-2016-0189

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

7.5 2016-01-13 CVE-2016-0002

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

9.3 2015-12-09 CVE-2015-6136

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

5 2015-12-09 CVE-2015-6135

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

4.3 2015-10-13 CVE-2015-6059

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

9.3 2015-10-13 CVE-2015-6055

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability."

4.3 2015-10-13 CVE-2015-6052

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

9.3 2015-10-13 CVE-2015-2482

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability."

9.3 2015-07-14 CVE-2015-2372

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

4.3 2015-05-13 CVE-2015-1686

The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

4.3 2015-05-13 CVE-2015-1684

VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript ASLR Bypass."

9.3 2015-03-11 CVE-2015-0032

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

9.3 2014-12-10 CVE-2014-6363

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

9.3 2014-02-11 CVE-2014-0271

The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

9.3 2011-04-13 CVE-2011-0663

Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

CWE : Common Weakness Enumeration

%idName
47% (10) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
23% (5) CWE-200 Information Exposure
14% (3) CWE-20 Improper Input Validation
9% (2) CWE-399 Resource Management Errors
4% (1) CWE-189 Numeric Errors

Open Source Vulnerability Database (OSVDB)

id Description
71774 Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Ove...

OpenVAS Exploits

id Description
2011-04-13 Name : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulner...
File : nvt/secpod_ms11-031.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0166 Microsoft VBScript Memory Corruption Vulnerability (MS15-066)
Severity: Category II - VMSKEY: V0061127
2015-A-0110 Microsoft VBScript ASLR Security Bypass Vulnerabilities (MS15-053)
Severity: Category II - VMSKEY: V0060657
2014-A-0025 Microsoft VBScript Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0044034
2011-A-0048 Microsoft Windows Scripting Memory Reallocation Vulnerability
Severity: Category II - VMSKEY: V0026526

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-09-06 Microsoft VBScript engine RegExp information disclosure attempt
RuleID : 43818 - Type : OS-WINDOWS - Revision : 3
2017-09-06 Microsoft VBScript engine RegExp information disclosure attempt
RuleID : 43817 - Type : OS-WINDOWS - Revision : 2
2017-09-06 Microsoft VBScript engine RegExp information disclosure attempt
RuleID : 43816 - Type : OS-WINDOWS - Revision : 3
2017-09-06 Microsoft VBScript engine RegExp information disclosure attempt
RuleID : 43815 - Type : OS-WINDOWS - Revision : 2
2017-08-15 Microsoft Internet Explorer type confusion attempt
RuleID : 43580 - Type : BROWSER-IE - Revision : 3
2017-08-15 Microsoft Internet Explorer type confusion attempt
RuleID : 43579 - Type : BROWSER-IE - Revision : 3
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43072 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43071 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43070 - Type : BROWSER-IE - Revision : 1
2017-07-04 Microsoft Internet Explorer vbscript regular expression information disclosur...
RuleID : 43069 - Type : BROWSER-IE - Revision : 1
2016-08-23 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 39681 - Type : BROWSER-IE - Revision : 2
2016-08-23 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 39680 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer scripting engine buffer overflow attempt
RuleID : 39237 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer scripting engine buffer overflow attempt
RuleID : 39236 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer VBScript out of bounds memory access remote code ...
RuleID : 39212 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer VBScript out of bounds memory access remote code ...
RuleID : 39211 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer vbscript csession close use after free attempt
RuleID : 39202 - Type : BROWSER-IE - Revision : 2
2016-07-13 Microsoft Internet Explorer vbscript csession close use after free attempt
RuleID : 39201 - Type : BROWSER-IE - Revision : 2
2016-06-14 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 38842 - Type : BROWSER-IE - Revision : 2
2016-06-14 Microsoft Internet Explorer VBScript toString redim array use after free attempt
RuleID : 38841 - Type : BROWSER-IE - Revision : 3
2016-04-26 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 38309 - Type : BROWSER-IE - Revision : 2
2016-04-26 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 38308 - Type : BROWSER-IE - Revision : 2
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 37284 - Type : BROWSER-IE - Revision : 3
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 37283 - Type : BROWSER-IE - Revision : 4
2016-03-14 Microsoft Internet Explorer VBScript engine use after free attempt
RuleID : 36923 - Type : BROWSER-IE - Revision : 7

Nessus® Vulnerability Scanner

id Description
2016-06-14 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms16-069.nasl - Type: ACT_GATHER_INFO
2016-06-14 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-063.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote Windows host is affected by multiple remote code execution vulnera...
File: smb_nt_ms16-053.nasl - Type: ACT_GATHER_INFO
2016-05-10 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-051.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms16-003.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms16-001.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-126.nasl - Type: ACT_GATHER_INFO
2015-12-08 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-124.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-108.nasl - Type: ACT_GATHER_INFO
2015-10-13 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-106.nasl - Type: ACT_GATHER_INFO
2015-07-15 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-065.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms15-066.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: The remote Windows host is affected by security feature bypass vulnerabilities.
File: smb_nt_ms15-053.nasl - Type: ACT_GATHER_INFO
2015-05-12 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-043.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms15-019.nasl - Type: ACT_GATHER_INFO
2015-03-10 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms15-018.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: Arbitrary code can be executed on the remote host through the installed VBScr...
File: smb_nt_ms14-084.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote host has a web browser installed that is affected by multiple vuln...
File: smb_nt_ms14-080.nasl - Type: ACT_GATHER_INFO
2014-02-12 Name: Arbitrary code can be executed on the remote host through the installed VBScr...
File: smb_nt_ms14-011.nasl - Type: ACT_GATHER_INFO
2014-02-12 Name: The remote host has a web browser that is affected by multiple vulnerabilities.
File: smb_nt_ms14-010.nasl - Type: ACT_GATHER_INFO
2011-04-13 Name: Arbitrary code can be executed on the remote host through the installed JScri...
File: smb_nt_ms11-031.nasl - Type: ACT_GATHER_INFO