CVE-2016-7200

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:-:*:*:*:*:x64:*

History

09 Jul 2024, 18:21

Type Values Removed Values Added
CWE CWE-119 CWE-787
CPE cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:-:*:*:*:*:x64:*
References () http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html - () http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html - Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/93968 - () http://www.securityfocus.com/bid/93968 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1037245 - () http://www.securitytracker.com/id/1037245 - Broken Link, Third Party Advisory, VDB Entry
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 - Patch, Vendor Advisory
References () https://github.com/theori-io/chakra-2016-11 - () https://github.com/theori-io/chakra-2016-11 - Third Party Advisory
References () https://www.exploit-db.com/exploits/40785/ - () https://www.exploit-db.com/exploits/40785/ - Exploit, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/40990/ - () https://www.exploit-db.com/exploits/40990/ - Third Party Advisory, VDB Entry
First Time Microsoft windows 10 1507
Microsoft windows Server 2016
Microsoft windows 10 1511
Microsoft windows 10 1607
CVSS v2 : 7.6
v3 : 7.5
v2 : 7.6
v3 : 8.8

Information

Published : 2016-11-10 06:59

Updated : 2024-07-09 18:21


NVD link : CVE-2016-7200

Mitre link : CVE-2016-7200

CVE.ORG link : CVE-2016-7200


JSON object : View

Products Affected

microsoft

  • windows_10_1511
  • windows_server_2016
  • windows_10_1507
  • edge
  • windows_10_1607
CWE
CWE-787

Out-of-bounds Write