Memory Corruption Vulnerability in Internet Explorer and Microsoft Scripting Engines
CVE-2016-0189

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Jscript; Vbscript
Vendor: CVE Published:; 11 May 2016

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%🦅 CISA Reported

What is CVE-2016-0189?

This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service through memory corruption in Microsoft JScript and VBScript engines. Affected systems such as Internet Explorer (versions 9 to 11) are susceptible to exploitation via specially crafted web pages, resulting in potential unauthorized access to system resources.

CISA has reported CVE-2016-0189

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2016-0189 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2016-0189 - Proof of Concept

cve-2016-0189
Created by theori-io

MS16-051-poc
Created by deamwork