The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft jscript 5.8 |
||
microsoft vbscript 5.8 |
||
microsoft vbscript 5.7 |
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...
According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world. 79,209,775 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288 thousand user computers. Crypto ransomware attacks were blocked on 240,799 computers of unique users. Kaspersky Lab’s file antivirus det...
Plaid Parliament of Pwning's IE attack turned into pay-to-p0wn cannon
The new wearer of the crown for World's Worst Exploit Kit is compromising users with exploit code for a dangerous new attack published by a white hat researcher. Neutrino is the new king of for-profit p0wnage packages, a market in which criminals create tools to compromise scores of users through the latest vulnerabilities. Neutrino's authors, who have risen to prominence since the likely arrest of the former top dogs behind the Angler exploit kit, were quick to snap up exploit code published to...