Search the Community
Showing results for tags 'vbscript'.
-
There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker. View the full article
-
Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone. View the full article
-
There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. View the full article