CVE-2021-31959
published 2021-06-08
CVE-2021-31959: Scripting Engine Memory Corruption Vulnerability
medium 6.4
Scripting Engine Memory Corruption Vulnerability
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.18967 | 10.0.10240.18967 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4467 | 10.0.14393.4467 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.1999 | 10.0.17763.1999 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1621 | 10.0.18363.1621 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1052 | 10.0.19041.1052 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1052 | 10.0.19042.1052 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1052 | 10.0.19043.1052 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25632 | 6.1.7601.25632 |
| microsoft | windows_7 | >= 6.1.0 < publication | publication |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25632 | 6.1.7601.25632 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20045 | 6.3.9600.20045 |
| microsoft | windows_8.1 | >= 6.3.0 < 1.0.0.0 | 1.0.0.0 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25632 | 6.1.7601.25632 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23372 | 6.2.9200.23372 |
| microsoft | windows_server_2012 | >= 6.2.0 < 1.0.0.0 | 1.0.0.0 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20045 | 6.3.9600.20045 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 1.0.0.0 | 1.0.0.0 |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4467 | 10.0.14393.4467 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.1999 | 10.0.17763.1999 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1909 | — | — |
Project0
Fuzzing Closed-Source JavaScript Engines with Coverage Feedback - Project Zero
project_zero·2021-09-01
CVE-2021-26419 Fuzzing Closed-Source JavaScript Engines with Coverage Feedback - Project Zero
Posted by Ivan Fratric, Project Zero
tl;dr I combined Fuzzilli (an open-source JavaScript engine fuzzer), with TinyInst (an open-source dynamic instrumentation library for fuzzing). I also added grammar-based mutation support to Jackalope (my black-box binary fuzzer). So far, these two approaches resulted in finding three security issues in jscript9.dll (default JavaScript engine used by Internet Explorer).
Introduction or “when you can’t beat them, join them”
In the past, I’ve invested a lot of time in generation-based fuzzing, which was a successful way to find vulnerabilities in various targets, especially those that take some form of language as input. For example, Domato, my grammar-based generational fuzzer, found over 40 vulnerabilities in WebKit and numerous bugs in Jscript.
CVEList
Scripting Engine Memory Corruption Vulnerability
cvelistv5·2021-06-08·CVSS 6.4
CVE-2021-31959 [MEDIUM] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2021-06-08·CVSS 6.4
CVE-2021-31959 [MEDIUM] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enti
No detection rules found.
No public exploits indexed.
Trendmicro
June Patch Tuesday: Internet Explorer Finally Laid to Rest
blogs_trendmicro·2021-06-08·CVSS 5.5
[MEDIUM] June Patch Tuesday: Internet Explorer Finally Laid to Rest
Exploits & Vulnerabilities
## June Patch Tuesday: Internet Explorer Finally Laid to Rest
The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators.
By: Trend Micro, Jun 08, 2021
The June 2021 Patch Tuesday cycle offers good news to both IT and website administrators. For the former, the number of bulletins issued this month is, at 50, far lower than we’ve become accustomed to in recent months. The latter group, however, has much better news to process this month: Internet Explorer support finally comes to an end.
June Patches: Fifty Bulletins, But Only Five Critical
Of this month’s 50 bulletins, only five were rated by Microsoft as Critical. One of these bulletins covers a vulnerability in Microsoft Defender ( CVE-20
Krebs
Microsoft Patches Six Zero-Day Security Holes
blogs_krebs·2021-06-08·CVSS 5.2
[MEDIUM] Microsoft Patches Six Zero-Day Security Holes
Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.
June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.
Among the zero-days are:
– CVE-2021-33742, a remote code execution bug in a Windows HTML component.
– CVE-2021-31955, an information disclosure bug in the Windows Kernel
– CVE-2021-31956, an elevation of privilege flaw in Windows NTFS
– CVE-2021-33739, an elevation of privilege flaw
Qualys
Microsoft & Adobe Patch Tuesday (June 2021) – Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities | Qualys
blogs_qualys·2021-06-08·CVSS 5.2
CVE-2021-31985 [MEDIUM] Microsoft & Adobe Patch Tuesday (June 2021) – Microsoft 50 Vulnerabilities with 5 Critical, Adobe 21 Critical Vulnerabilities | Qualys
### Microsoft Patch Tuesday – June 2021
Microsoft patched 50 CVEs in their June 2021 Patch Tuesday release, and five of them are rated as critical severity. Six have applicable exploits.
#### Critical Microsoft Vulnerabilities Patched
CVE-2021-31985 – Microsoft Defender Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in its Defender product (CVE-2021-31985). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 7.8 by the vendor.
CVE-2021-31959 – Scripting Engine Memory Corruption Vulnerability
Microsoft released patches addressing a critical memory corruption vulnerability in the Chakra JScript scripting engine. This vulnerability impacts Windows RT, Windows 7, Windows 8, Windows 10, Windows Ser
Zscaler
Zscaler found Windows Vulnerabilities | 06-08-2021
blogs_zscaler·CVSS 5.5
[MEDIUM] Zscaler found Windows Vulnerabilities | 06-08-2021
Crowdstrike
June 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] June 2021 Patch Tuesday: Updates and Analysis
2021-06-08
Published