CVE-2016-3202

HIGH

Description

The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

References

http://www.securitytracker.com/id/1036096

http://www.securitytracker.com/id/1036099

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068

Details

Source: MITRE

Published: 2016-06-16

Updated: 2018-10-12

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH