Lucene search

MicrosoftCVE-2016-0189

HistoryMay 11, 2016 - 1:59 a.m.

CVE-2016-0189

2016-05-1101:59:30

CWE-787

microsoft

web.nvd.nist.gov

947

In Wild

cve-2016-0189

microsoft

jscript

vbscript

internet explorer

remote attackers

arbitrary code

denial of service

memory corruption

vulnerability

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0187.

Affected configurations

Nvd

Node

microsoftjscriptMatch5.8

microsoftvbscriptMatch5.7

microsoftvbscriptMatch5.8

AND

microsoftwindows_server_2008Matchr2sp1

Node

microsoftvbscriptMatch5.7

AND

microsoftwindows_server_2008Match-sp2

microsoftwindows_vistaMatch-sp2

Node

microsoftinternet_explorerMatch9

AND

microsoftwindows_server_2008Match-sp2

microsoftwindows_vistaMatch-sp2

Node

microsoftinternet_explorerMatch10

AND

microsoftwindows_server_2012Match-

Node

microsoftinternet_explorerMatch11-

AND

microsoftwindows_10_1507Match-

microsoftwindows_10_1511Match-

microsoftwindows_7Match-sp1

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Matchr2

VendorProductVersionCPE
microsoftjscript5.8cpe:2.3:a:microsoft:jscript:5.8:*:*:*:*:*:*:*
microsoftvbscript5.7cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*
microsoftvbscript5.8cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
microsoftinternet_explorer10cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftinternet_explorer11cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	jscript	5.8	cpe:2.3:a:microsoft:jscript:5.8:::::::*
microsoft	vbscript	5.7	cpe:2.3:a:microsoft:vbscript:5.7:::::::*
microsoft	vbscript	5.8	cpe:2.3:a:microsoft:vbscript:5.8:::::::*
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
microsoft	windows_vista	-	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
microsoft	internet_explorer	10	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
microsoft	windows_server_2012	-	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
microsoft	internet_explorer	11	cpe:2.3:a:microsoft:internet_explorer:11:-::::::