Lucene search

[email protected]CVE-2016-3259

HistoryJul 13, 2016 - 1:59 a.m.

CVE-2016-3259

2016-07-1301:59:20

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-3259

microsoft

jscript

vbscript

chakra

javascript

memory corruption

ie9

ie10

ie11

edge

remote code execution

denial of service

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.154

Percentile

95.9%

JSON

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3248.

Affected configurations

NVD

Node

microsoftedgeMatch-

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

microsoftinternet_explorerMatch11-

VendorProductVersionCPE
microsoftedge-cpe:/a:microsoft:edge:-:::
microsoftinternet_explorer9cpe:/a:microsoft:internet_explorer:9:::
microsoftinternet_explorer11cpe:/a:microsoft:internet_explorer:11:-::
microsoftinternet_explorer10cpe:/a:microsoft:internet_explorer:10:::

Vendor	Product	Version	CPE
microsoft	edge	-	cpe:/a:microsoft:edge:-:::
microsoft	internet_explorer	9	cpe:/a:microsoft:internet_explorer:9:::
microsoft	internet_explorer	11	cpe:/a:microsoft:internet_explorer:11:-::
microsoft	internet_explorer	10	cpe:/a:microsoft:internet_explorer:10:::