The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/94038 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037245 | Broken Link Third Party Advisory VDB Entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 | Patch Vendor Advisory |
https://github.com/theori-io/chakra-2016-11 | Third Party Advisory |
https://www.exploit-db.com/exploits/40784/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/40990/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Jul 2024, 18:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.6
v3 : 8.8 |
References | () http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/94038 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1037245 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 - Patch, Vendor Advisory | |
References | () https://github.com/theori-io/chakra-2016-11 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/40784/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/40990/ - Exploit, Third Party Advisory, VDB Entry | |
First Time |
Microsoft windows 10 1507
Microsoft windows Server 2016 Microsoft windows 10 1511 Microsoft windows 10 1607 |
|
CPE | cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:* |
|
CWE | CWE-843 |
Information
Published : 2016-11-10 06:59
Updated : 2024-07-09 18:21
NVD link : CVE-2016-7201
Mitre link : CVE-2016-7201
CVE.ORG link : CVE-2016-7201
JSON object : View
Products Affected
microsoft
- windows_10_1511
- windows_server_2016
- windows_10_1507
- edge
- windows_10_1607
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')