Vulnerabilities > CVE-2016-7200 - Out-of-bounds Write vulnerability in Microsoft Edge
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution. CVE-2016-7200,CVE-2016-7201. Remote exploit for Windows platform... file exploits/windows/remote/40990.txt id EDB-ID:40990 last seen 2017-01-06 modified 2017-01-05 platform windows port published 2017-01-05 reporter Exploit-DB source https://www.exploit-db.com/download/40990/ title Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution type remote description Microsoft Edge - 'Array.filter' Info Leak. CVE-2016-7200. Dos exploit for Windows platform file exploits/windows/dos/40785.html id EDB-ID:40785 last seen 2016-11-19 modified 2016-11-18 platform windows port published 2016-11-18 reporter Exploit-DB source https://www.exploit-db.com/download/40785/ title Microsoft Edge - 'Array.filter' Info Leak type dos
Msbulletin
bulletin_id | MS16-129 |
bulletin_url | |
date | 2016-11-08T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 3199057 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Microsoft Edge |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS16-129.NASL |
description | The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3199057. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 94630 |
published | 2016-11-08 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/94630 |
title | MS16-129: Cumulative Security Update for Microsoft Edge (3199057) |
code |
|
References
- http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html
- http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html
- http://www.securityfocus.com/bid/93968
- http://www.securityfocus.com/bid/93968
- http://www.securitytracker.com/id/1037245
- http://www.securitytracker.com/id/1037245
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
- https://github.com/theori-io/chakra-2016-11
- https://github.com/theori-io/chakra-2016-11
- https://www.exploit-db.com/exploits/40785/
- https://www.exploit-db.com/exploits/40785/
- https://www.exploit-db.com/exploits/40990/
- https://www.exploit-db.com/exploits/40990/