7.6

CVE-2016-0189

Warning
Exploit

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftJscript Version5.8
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.7
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.8
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.7
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 1507 Version-
   MicrosoftWindows 10 1511 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Versionr2

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Memory Corruption Vulnerability

Vulnerability

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.26% 0.997
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1035820
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/90012
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/40118/
Third Party Advisory
VDB Entry