This script demonstrates a possible issue whereby Windows Script Host will crash with an out-of-bounds exception when trying to access the global scope within JScript. This is a new bug that was introduced with a recent patch to the Scripting Host in Windows 10 and 11.
Last active
November 20, 2025 21:50
-
-
Save UniDyne/f72fe89b0957495961b8737f9339b9ca to your computer and use it in GitHub Desktop.
JScript Runtime - Global Scope
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <package> | |
| <job id="Test"> | |
| <script language="JScript"><![CDATA[ | |
| !function(global) { | |
| global.testMe = function() { | |
| // this never executes | |
| WScript.StdOut.WriteLine("Got here."); | |
| return "test"; | |
| }; | |
| }(this); | |
| function main() { | |
| // outputs 'function' | |
| WScript.StdOut.WriteLine(typeof testMe); | |
| // does nothing | |
| var x = testMe(); | |
| WScript.StdOut.WriteLine(x); | |
| } | |
| main(); | |
| testMe(); | |
| ]]></script> | |
| </job> | |
| </package> |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
0xc0000005is a memory access violation. Is it exploitable?