CVE-2016-0189
CVE-2016-0189
In short
A flaw in Microsoft's JScript and VBScript engines used by Internet Explorer allows attackers to run malicious code or crash the browser by visiting a specially designed website.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in JScript 5.8 and VBScript 5.7/5.8 engines used in Internet Explorer 9-11. Remote attacker delivers crafted HTML/script via web page; no authentication required. Results in arbitrary code execution or denial of service through memory corruption.
Summary generated and translated by AI from the official description.
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/theori-io/cve-2016-0189★ 114githubgithub.com/deamwork/MS16-051-poc★ 3exploitdbwww.exploit-db.com/exploits/40118unverifiedcve_referencewww.exploit-db.com/exploits/40118/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0189https://www.exploit-db.com/exploits/40118/https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/http://www.securityfocus.com/bid/90012http://www.securitytracker.com/id/1035820