Scripting Engine Memory Corruption Vulnerability in Microsoft Products
CVE-2016-3202

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Chakra Javascript
Jscript
Vbscript
Vendor
CVE Published:
16 June 2016

Summary

The vulnerability affects the Chakra, JScript, and VBScript engines within Microsoft Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. It enables remote attackers to exploit this flaw through a specially crafted website, leading to unauthorized execution of arbitrary code or denial of service due to memory corruption. Addressing this vulnerability is crucial for maintaining secure web interactions and preventing potential exploits.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securitytracker.com/id/1036099
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1036096
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.