|
| Description: | | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability." |
|
| Impact: | | A use-after-free vulnerability can be exploited by an attacker in the vulnerable product. Successful exploit may cause some adverse consequences, such as crash of the product, execution of arbitrary code. |
|
| Affected OS: | | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
|
| Reference: | | SecurityTrackerID:1033800
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
ExploitDB:40798
http://seclists.org/fulldisclosure/2015/Oct/54
|
|