VBScript CRegExp::Execute Uninitialized Memory Use
Posted by deepcore on November 9, 2016 – 1:19 am
A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer.
Post a reply
You must be logged in to post a comment.