VBScript Engine Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability

Foxit Studio Photo 3.6.6.909 Out-of-bounds Read Vulnerability

Published on December 1st, 2019
Summary

VBScript Engine suffers from improper restriction of operations within the bounds of a memory buffer vulnerability

Credit:

The information has been provided by Yuki Chen 

The original article can be found at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1238


Details

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Vulnerable Systems:

VBScript Engine 

CVE Information:

CVE-2019-1238

Disclosure Timeline:
Published Date:10/10/2019

Categories: FeaturedNews
Tags:

Related Posts

News

Zoho ManageEngine OpManager before 12.4 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

News

MiniShare 1.4.1 Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability

News

NETGEAR JNR1010 devices before 1.0.0.32 Cross-Site Request Forgery (CSRF) Vulnerability