Vulnerability Details CVE-2016-0189
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.925
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.6
Proposed Action
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/90012
- http://www.securitytracker.com/id/1035820
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053
- https://www.exploit-db.com/exploits/40118/
- https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/
- http://www.securityfocus.com/bid/90012
- http://www.securitytracker.com/id/1035820
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053
- https://www.exploit-db.com/exploits/40118/
- https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/
Products affected by CVE-2016-0189
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:a:microsoft:jscript:5.8
-
cpe:2.3:a:microsoft:vbscript:5.7
-
cpe:2.3:a:microsoft:vbscript:5.8
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1511:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_vista:-