CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 1CVE-2015-2482 – Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2482
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una operación de sustitución manipulada con una expresión regular JavaScript, también conocido como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to search and replace operations performed using JavaScript regular expressions. An attacker can cause the in-memory representation of a regular expression to be freed while it is being used in a replace operation. • https://www.exploit-db.com/exploits/40798 http://seclists.org/fulldisclosure/2015/Oct/54 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-515 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 36EXPL: 0CVE-2011-0663
https://notcve.org/view.php?id=CVE-2011-0663
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." Múltiples desbordamientos de enteros en los motores de secuencias de comandos (1) JScript v5.6 a la v5.8 y(2) VBScript v5.6 a la v5.8, permite a atacantes remotos ejecutar código de su elección a través de una página web manipulada. También conocida como "Scripting Memory Reallocation Vulnerability." • http://osvdb.org/71774 http://secunia.com/advisories/44162 http://www.securityfocus.com/bid/47249 http://www.securitytracker.com/id?1025333 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0949 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12673 • CWE-189: Numeric Errors •