All the vulnerabilites related to microsoft - chakra_javascript
Vulnerability from fkie_nvd
Published
2016-06-16 01:59
Modified
2024-11-21 02:49
Severity ?
Summary
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | edge | * | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 | |
microsoft | chakra_javascript | * | |
microsoft | jscript | * | |
microsoft | vbscript | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:chakra_javascript:*:*:*:*:*:*:*:*", "matchCriteriaId": "001C21C6-A36E-4E95-AAEA-4640B5F1D4E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:jscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF39F563-9B6F-4C18-BFBC-A94E9885FC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:vbscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "0704D31B-9865-4959-98E1-00C96E712682", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \"Scripting Engine Memory Corruption Vulnerability\"." } ], "id": "CVE-2016-3202", "lastModified": "2024-11-21T02:49:35.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-16T01:59:09.137", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1036096" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1036099" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2016-3202
Vulnerability from cvelistv5
Published
2016-06-16 01:00
Modified
2024-08-05 23:47
Severity ?
EPSS score ?
Summary
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
References
▼ | URL | Tags |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 | vendor-advisory, x_refsource_MS | |
http://www.securitytracker.com/id/1036099 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1036096 | vdb-entry, x_refsource_SECTRACK | |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068 | vendor-advisory, x_refsource_MS |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:58.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MS16-063", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" }, { "name": "1036099", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036099" }, { "name": "1036096", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036096" }, { "name": "MS16-068", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "MS16-063", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" }, { "name": "1036099", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036099" }, { "name": "1036096", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036096" }, { "name": "MS16-068", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2016-3202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MS16-063", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063" }, { "name": "1036099", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036099" }, { "name": "1036096", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036096" }, { "name": "MS16-068", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2016-3202", "datePublished": "2016-06-16T01:00:00", "dateReserved": "2016-03-15T00:00:00", "dateUpdated": "2024-08-05T23:47:58.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }