CVE-2016-7286
Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.
Los motores de secuencias de comandos en Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7288, CVE-2016-7296 y CVE-2016-7297.
Microsoft Edge suffers from an uninitialized memory vulnerability in SIMD.toLocaleString.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-12-20 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/140250/Microsoft-Edge-SIMD.toLocaleString-Uninitialized-Memory.html | X_refsource_misc |
|
| http://www.securityfocus.com/bid/94748 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037444 | Third Party Advisory | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=961 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40947 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 | 2018-10-12 |