Scripting Engine
by Microsoft
Source repositories
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0067 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0035 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0032 | Hig | 0.50 | 7.5 | 0.15 | Mar 17, 2017 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the… | ||
| CVE-2017-0196 | Med | 0.44 | 6.5 | 0.18 | Jul 17, 2017 | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||
| CVE-2025-30397 | 0.17 | — | 0.22 | KEV | May 13, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | ||
| CVE-2021-34448 | 0.12 | — | 0.27 | KEV | Jul 16, 2021 | Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2019-0835 | 0.02 | — | 0.07 | Apr 9, 2019 | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'. | |||
| CVE-2021-26435 | 0.01 | — | 0.05 | Sep 15, 2021 | Windows Scripting Engine Memory Corruption Vulnerability | |||
| CVE-2019-0988 | 0.01 | — | 0.06 | Jun 12, 2019 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who… | |||
| CVE-2019-1001 | 0.00 | — | 0.08 | Jul 15, 2019 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. |
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.50cvss 7.5epss 0.15
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…
- risk 0.44cvss 6.5epss 0.18
An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
- risk 0.17cvss —epss 0.22
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- risk 0.12cvss —epss 0.27
Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0835Apr 9, 2019risk 0.02cvss —epss 0.07
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'.
- CVE-2021-26435Sep 15, 2021risk 0.01cvss —epss 0.05
Windows Scripting Engine Memory Corruption Vulnerability
- CVE-2019-0988Jun 12, 2019risk 0.01cvss —epss 0.06
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who…
- CVE-2019-1001Jul 15, 2019risk 0.00cvss —epss 0.08
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.
Page 2 of 2