Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0111Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents4 sources
Severity
7.5HIGHNVD
EPSS
45.0%
top 2.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 9
Latest updateMay 14

Description

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

10
GHSA
GHSA-8cm2-xr5f-hrc3: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corr2022-05-14
GHSA
GHSA-c4wj-pp55-3c9h: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf2022-05-14
GHSA
GHSA-xx68-3f2p-v63m: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf2022-05-14
GHSA
GHSA-37jx-fgfr-x4xh: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corr2022-05-14
GHSA
GHSA-gjhm-wv6j-6q22: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free (MS16-023)2016-04-05
CVE-2016-0111 — Microsoft vulnerability | cvebase