CVE-2016-7200
CVE-2016-7200
In short
A flaw in Microsoft Edge's JavaScript engine allows attackers to run malicious code or crash your browser by visiting a specially crafted website. This happens because the engine doesn't properly manage memory, leaving it vulnerable to abuse.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in the Chakra JavaScript engine allows remote code execution or denial of service through crafted JavaScript. Attack vector is network-based via malicious web content; no user interaction beyond visiting a compromised site is required. Impact includes arbitrary code execution with browser privileges and memory corruption.
Summary generated and translated by AI from the official description.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 6
githubgithub.com/theori-io/chakra-2016-11★ 140cve_referencepacketstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40785/unverifiedcve_referencewww.exploit-db.com/exploits/40990/unverifiedexploitdbwww.exploit-db.com/exploits/40785unverifiedexploitdbwww.exploit-db.com/exploits/40990unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129https://github.com/theori-io/chakra-2016-11https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7200https://www.exploit-db.com/exploits/40785/https://www.exploit-db.com/exploits/40990/http://www.securityfocus.com/bid/93968http://www.securitytracker.com/id/1037245