CVE-2016-0024 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Edge ON Windows 10 FOR 32-bit Systems

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

8.8HIGHNVD

EPSS

32.4%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems Msrc Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems +4 more

Timeline

PublishedJan 13

Latest updateMay 14

Description

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

🔴Vulnerability Details

OSV

ChakraCore RCE Vulnerability↗2022-05-14

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-14

▶

📋Vendor Advisories

VMware

vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue↗2016-12-20

▶

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2016-01-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 01-12-2016↗

▶

💬Community

Bugzilla

CVE-2016-8642 CVE-2016-8643 CVE-2016-8644 moodle: Multiple security issues↗2016-12-02

▶