CVE-2016-7201
CVE-2016-7201
In short
A flaw in Microsoft Edge's JavaScript engine allows attackers to run malicious code or crash the browser by visiting a crafted website. This happens because the engine doesn't properly manage memory, leaving it vulnerable to exploitation.
Technical detail
Type confusion vulnerability in Chakra JavaScript engine enables remote code execution or denial of service through crafted web content. Attack requires user to visit a malicious site; no authentication or user interaction beyond browsing is needed. Memory corruption leads to arbitrary code execution with Edge process privileges.
Summary generated and translated by AI from the official description.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
cve_referencepacketstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40784/unverifiedcve_referencewww.exploit-db.com/exploits/40990/unverifiedexploitdbwww.exploit-db.com/exploits/40784unverifiedexploitdbwww.exploit-db.com/exploits/40990unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129https://github.com/theori-io/chakra-2016-11https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7201https://www.exploit-db.com/exploits/40784/https://www.exploit-db.com/exploits/40990/http://www.securityfocus.com/bid/94038http://www.securitytracker.com/id/1037245