7.6

CVE-2016-0189

Warnung
Exploit

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftJscript Version5.8
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.7
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.8
   MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftVbscript Version5.7
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftInternet Explorer Version10
   MicrosoftWindows Server 2012 Version-
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 1507 Version-
   MicrosoftWindows 10 1511 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Versionr2

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Memory Corruption Vulnerability

Schwachstelle

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 92.26% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1035820
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/90012
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/40118/
Third Party Advisory
VDB Entry