cvelistv5 - CVE-2016-3202

CVE-2016-3202 (GCVE-0-2016-3202)

Vulnerability from cvelistv5 – Published: 2016-06-16 01:00 – Updated: 2024-08-05 23:47

Summary

The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securitytracker.com/id/1036099	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1036096	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:58.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS16-063",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
          },
          {
            "name": "1036099",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036099"
          },
          {
            "name": "1036096",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036096"
          },
          {
            "name": "MS16-068",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS16-063",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
        },
        {
          "name": "1036099",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036099"
        },
        {
          "name": "1036096",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036096"
        },
        {
          "name": "MS16-068",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS16-063",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
            },
            {
              "name": "1036099",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036099"
            },
            {
              "name": "1036096",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036096"
            },
            {
              "name": "MS16-068",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-3202",
    "datePublished": "2016-06-16T01:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:58.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5808661-A082-4CBE-808C-B253972487B4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakra_javascript:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"001C21C6-A36E-4E95-AAEA-4640B5F1D4E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:jscript:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF39F563-9B6F-4C18-BFBC-A94E9885FC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:vbscript:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0704D31B-9865-4959-98E1-00C96E712682\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"Scripting Engine Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar c\\u00f3digo arbitrario o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de un sitio web manipulado, tambi\\u00e9n conocida como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}]",
      "id": "CVE-2016-3202",
      "lastModified": "2024-11-21T02:49:35.630",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-06-16T01:59:09.137",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1036096\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036099\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3202\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2016-06-16T01:59:09.137\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"Scripting Engine Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \\\"Scripting Engine Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5808661-A082-4CBE-808C-B253972487B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakra_javascript:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"001C21C6-A36E-4E95-AAEA-4640B5F1D4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:jscript:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF39F563-9B6F-4C18-BFBC-A94E9885FC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:vbscript:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0704D31B-9865-4959-98E1-00C96E712682\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1036096\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1036099\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1036096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2016-3202

Vulnerability from fkie_nvd - Published: 2016-06-16 01:59 - Updated: 2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securitytracker.com/id/1036096
	secure@microsoft.com	http://www.securitytracker.com/id/1036099
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036096
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036099
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068

Impacted products

Vendor	Product	Version
microsoft	edge	*
microsoft	internet_explorer	10
microsoft	internet_explorer	11
microsoft	chakra_javascript	*
microsoft	jscript	*
microsoft	vbscript	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:chakra_javascript:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "001C21C6-A36E-4E95-AAEA-4640B5F1D4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:jscript:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF39F563-9B6F-4C18-BFBC-A94E9885FC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:vbscript:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0704D31B-9865-4959-98E1-00C96E712682",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Los motores de Microsoft (1) Chakra de JavaScript, (2) JScript y (3) VBScript, tal como se utilizan en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \"Scripting Engine Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2016-3202",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-16T01:59:09.137",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036096"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036099"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-04057

Vulnerability from cnvd - Published: 2016-06-16

Title

Microsoft脚本引擎内存破坏漏洞

Description

Microsoft Internet Explorer（IE）和Microsoft Edge都是美国微软（Microsoft）公司开发的Web浏览器。前者是Windows 10之前操作系统附带的默认浏览器，后者是最新操作系统Windows 10附带的默认浏览器。JScript是其中的一种解释性的基于对象的脚本语言；VBScript（全称Visual Basic Script）是其中的一种脚本语言，也是ASP动态网页默认的编程语言。 Microsoft IE 11版本和Microsoft Edge中使用的JScript 9、JScript和VBScript引擎的呈现方式存在远程执行代码漏洞。攻击者可利用该漏洞破坏内存，在当前用户的上下文中执行任意代码，获得与当前用户相同的用户权限。

Severity

高

Patch Name

Microsoft脚本引擎内存破坏漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://technet.microsoft.com/library/security/ms16-063

Reference

https://technet.microsoft.com/library/security/ms16-063

Impacted products

Name
['Microsoft Internet Explorer 10', 'Microsoft Internet Explorer 11', 'Microsoft Edge']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3202"
    }
  },
  "description": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002JScript\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u89e3\u91ca\u6027\u7684\u57fa\u4e8e\u5bf9\u8c61\u7684\u811a\u672c\u8bed\u8a00\uff1bVBScript\uff08\u5168\u79f0Visual Basic Script\uff09\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u811a\u672c\u8bed\u8a00\uff0c\u4e5f\u662fASP\u52a8\u6001\u7f51\u9875\u9ed8\u8ba4\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nMicrosoft IE 11\u7248\u672c\u548cMicrosoft Edge\u4e2d\u4f7f\u7528\u7684JScript 9\u3001JScript\u548cVBScript\u5f15\u64ce\u7684\u5448\u73b0\u65b9\u5f0f\u5b58\u5728\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5185\u5b58\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u5f97\u4e0e\u5f53\u524d\u7528\u6237\u76f8\u540c\u7684\u7528\u6237\u6743\u9650\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://technet.microsoft.com/library/security/ms16-063",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04057",
  "openTime": "2016-06-16",
  "patchDescription": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002JScript\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u89e3\u91ca\u6027\u7684\u57fa\u4e8e\u5bf9\u8c61\u7684\u811a\u672c\u8bed\u8a00\uff1bVBScript\uff08\u5168\u79f0Visual Basic Script\uff09\u662f\u5176\u4e2d\u7684\u4e00\u79cd\u811a\u672c\u8bed\u8a00\uff0c\u4e5f\u662fASP\u52a8\u6001\u7f51\u9875\u9ed8\u8ba4\u7684\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nMicrosoft IE 11\u7248\u672c\u548cMicrosoft Edge\u4e2d\u4f7f\u7528\u7684JScript 9\u3001JScript\u548cVBScript\u5f15\u64ce\u7684\u5448\u73b0\u65b9\u5f0f\u5b58\u5728\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u5185\u5b58\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u5f97\u4e0e\u5f53\u524d\u7528\u6237\u76f8\u540c\u7684\u7528\u6237\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft\u811a\u672c\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Internet Explorer 10",
      "Microsoft Internet Explorer 11",
      "Microsoft Edge"
    ]
  },
  "referenceLink": "https://technet.microsoft.com/library/security/ms16-063",
  "serverity": "\u9ad8",
  "submitTime": "2016-06-15",
  "title": "Microsoft\u811a\u672c\u5f15\u64ce\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}

CERTFR-2016-AVI-203

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-063 du 14 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3205"
    },
    {
      "name": "CVE-2016-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3212"
    },
    {
      "name": "CVE-2016-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3207"
    },
    {
      "name": "CVE-2016-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3211"
    },
    {
      "name": "CVE-2016-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0200"
    },
    {
      "name": "CVE-2016-3206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3206"
    },
    {
      "name": "CVE-2016-3202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3202"
    },
    {
      "name": "CVE-2016-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0199"
    },
    {
      "name": "CVE-2016-3213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3213"
    },
    {
      "name": "CVE-2016-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3210"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-203",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-063 du 14 juin 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-063"
    }
  ]
}

CERTFR-2016-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-068 du 14 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3222"
    },
    {
      "name": "CVE-2016-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3215"
    },
    {
      "name": "CVE-2016-3201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3201"
    },
    {
      "name": "CVE-2016-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3214"
    },
    {
      "name": "CVE-2016-3199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3199"
    },
    {
      "name": "CVE-2016-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3198"
    },
    {
      "name": "CVE-2016-3202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3202"
    },
    {
      "name": "CVE-2016-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3203"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-204",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-068 du 14 juin 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-068"
    }
  ]
}

CERTFR-2016-AVI-203

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-063 du 14 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3205"
    },
    {
      "name": "CVE-2016-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3212"
    },
    {
      "name": "CVE-2016-3207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3207"
    },
    {
      "name": "CVE-2016-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3211"
    },
    {
      "name": "CVE-2016-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0200"
    },
    {
      "name": "CVE-2016-3206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3206"
    },
    {
      "name": "CVE-2016-3202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3202"
    },
    {
      "name": "CVE-2016-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0199"
    },
    {
      "name": "CVE-2016-3213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3213"
    },
    {
      "name": "CVE-2016-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3210"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-203",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-063 du 14 juin 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-063"
    }
  ]
}

CERTFR-2016-AVI-204

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-068 du 14 juin 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3222"
    },
    {
      "name": "CVE-2016-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3215"
    },
    {
      "name": "CVE-2016-3201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3201"
    },
    {
      "name": "CVE-2016-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3214"
    },
    {
      "name": "CVE-2016-3199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3199"
    },
    {
      "name": "CVE-2016-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3198"
    },
    {
      "name": "CVE-2016-3202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3202"
    },
    {
      "name": "CVE-2016-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3203"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-204",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-068 du 14 juin 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-068"
    }
  ]
}

GSD-2016-3202

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-3202

Aliases

CVE-2016-3202

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3202",
    "description": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"",
    "id": "GSD-2016-3202"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3202"
      ],
      "details": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"",
      "id": "GSD-2016-3202",
      "modified": "2023-12-13T01:21:27.422230Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2016-3202",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS16-063",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
          },
          {
            "name": "1036099",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036099"
          },
          {
            "name": "1036096",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036096"
          },
          {
            "name": "MS16-068",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.2.0.0)",
          "affected_versions": "All versions before 1.2.0.0",
          "cvss_v2": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-119",
            "CWE-20",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2023-07-31",
          "description": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"",
          "fixed_versions": [
            "1.2.0.0"
          ],
          "identifier": "CVE-2016-3202",
          "identifiers": [
            "GHSA-ww6f-76ff-phhj",
            "CVE-2016-3202"
          ],
          "not_impacted": "All versions starting from 1.2.0.0",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to version 1.2.0.0 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-3202",
            "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063",
            "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068",
            "https://github.com/chakra-core/ChakraCore/commit/ff9067ebe9e1c92eff4e25da95070bfd5942da07",
            "https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099",
            "https://web.archive.org/web/20211208124350/http://www.securitytracker.com/id/1036096",
            "https://github.com/advisories/GHSA-ww6f-76ff-phhj"
          ],
          "uuid": "8ba39da3-d495-420c-8ca6-0939ef44697e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:chakra_javascript:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:vbscript:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:jscript:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3202"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                },
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036096",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036096"
            },
            {
              "name": "1036099",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036099"
            },
            {
              "name": "MS16-068",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
            },
            {
              "name": "MS16-063",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-12T22:11Z",
      "publishedDate": "2016-06-16T01:59Z"
    }
  }
}

GHSA-WW6F-76FF-PHHJ

Vulnerability from github – Published: 2022-05-14 02:24 – Updated: 2023-11-02 19:41

Summary

ChakraCore RCE Vulnerability

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-3202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T20:29:04Z",
    "nvd_published_at": "2016-06-16T01:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"",
  "id": "GHSA-ww6f-76ff-phhj",
  "modified": "2023-11-02T19:41:13Z",
  "published": "2022-05-14T02:24:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3202"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/commit/ff9067ebe9e1c92eff4e25da95070bfd5942da07"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chakra-core/ChakraCore"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211129115034/http://www.securitytracker.com/id/1036099"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211208124350/http://www.securitytracker.com/id/1036096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ChakraCore RCE Vulnerability"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-3202 (GCVE-0-2016-3202)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature