Scripting Engine Memory Corruption Vulnerability in Microsoft Products
CVE-2016-0187

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Jscript
Vbscript
Vendor
CVE Published:
11 May 2016

Summary

The vulnerability allows remote attackers to execute arbitrary code or initiate a denial of service by exploiting memory corruption in the JScript and VBScript engines. When a user visits a specially crafted website, the susceptible versions of Internet Explorer can be compromised, leading to unauthorized code execution on the user's system. This attack vector highlights the risks of using outdated browsers and underscores the importance of applying security updates to mitigate potential threats.

References

http://www.securityfocus.com/bid/90011
vdb-entryx_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.