8.8

CVE-2016-7200

Warning
Exploit

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftEdge Version-
   MicrosoftWindows 10 1507 Version-
   MicrosoftWindows 10 1511 Version-
   MicrosoftWindows 10 1607 Version-
   MicrosoftWindows Server 2016 Version- Update- HwPlatformx64

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Edge Memory Corruption Vulnerability

Vulnerability

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 89.4% 0.995
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securitytracker.com/id/1037245
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/93968
Third Party Advisory
Broken Link
VDB Entry
https://github.com/theori-io/chakra-2016-11
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/40785/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/40990/
Third Party Advisory
Exploit
VDB Entry