CVE-2016-7200
Microsoft Edge Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
El motor de secuencias de comandos Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242 y CVE-2016-7243.
There is an info leak in Array.filter. In Chakra, the destination array that arrays are filtered into is initialized using ArraySpeciesCreate, which can create both native and variable arrays. However, the loop that calls the filter function assumes that the destination array is a variable array, and sets each value using DirectSetItemAt, which is unsafe, and can lead to a var pointer being written to an integer array.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-11-10 CVE Published
- 2022-03-28 Exploited in Wild
- 2022-04-18 KEV Due Date
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-04 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/93968 | Broken Link | |
| http://www.securitytracker.com/id/1037245 | Broken Link | |
| https://github.com/theori-io/chakra-2016-11 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40785 | 2024-08-06 | |
| https://www.exploit-db.com/exploits/40990 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 | 2024-07-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 1507 Search vendor "Microsoft" for product "Windows 10 1507" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 1511 Search vendor "Microsoft" for product "Windows 10 1511" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 1607 Search vendor "Microsoft" for product "Windows 10 1607" | - | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | x64 |
Safe
|