The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft PowerShell

vulnerability bulletin 29223

Windows PowerShell: code execution

Synthesis of the vulnerability

An attacker can spread a script the filename of which includes special characters, to make Windows PowerShell run it instead of the intended script.
Impacted products: Windows PowerShell.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 03/05/2019.
Identifiers: VIGILANCE-VUL-29223.

Description of the vulnerability

An attacker can spread a script the filename of which includes special characters, to make Windows PowerShell run it instead of the intended script.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-8292

Microsoft Windows PowerShell: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Microsoft Windows PowerShell, in order to obtain sensitive information.
Impacted products: Windows PowerShell.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 10/10/2018.
Identifiers: CERTFR-2018-AVI-486, CVE-2018-8292, VIGILANCE-VUL-27451.

Description of the vulnerability

An attacker can bypass access restrictions to data of Microsoft Windows PowerShell, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0875

PowerShell Core: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of PowerShell Core, in order to trigger a denial of service.
Impacted products: Windows PowerShell.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/03/2018.
Identifiers: CVE-2018-0875, VIGILANCE-VUL-25543.

Description of the vulnerability

An attacker can generate a fatal error of PowerShell Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-0764 CVE-2018-0784 CVE-2018-0785

Microsoft .NET: vulnerabilities of January 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: .NET Framework, Windows PowerShell.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/01/2018.
Revision date: 29/01/2018.
Identifiers: CERTFR-2018-AVI-023, CVE-2018-0764, CVE-2018-0784, CVE-2018-0785, CVE-2018-0786, VIGILANCE-VUL-24991.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Microsoft PowerShell: