⚠ Actively exploited

Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..

CVE-2016-0189

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow31 documents14 sources

Severity

7.5HIGH

EPSS

91.3%

top 0.35%

CISA KEV

KEV

Added 2022-03-28

Due 2022-04-18

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer Microsoft Jscript Microsoft Vbscript

Timeline

PublishedMay 11

KEV addedMar 28

KEV dueApr 18

Latest updateMay 14

CISA Required Action: Apply updates per vendor instructions.

Description

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶NVDmicrosoft/jscript5.8

▶NVDmicrosoft/vbscript5.7, 5.8+1

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qw68-vqp7-ff9r: The Microsoft (1) JScript 5↗2022-05-14

▶

CVEList

CVE-2016-0189: The Microsoft (1) JScript 5↗2016-05-11

▶

VulnCheck

Microsoft Internet Explorer Memory Corruption Vulnerability↗2016

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)↗2016-06-22

▶

Metasploit

Internet Explorer 11 VBScript Engine Memory Corruption↗

▶

🔍Detection Rules

Suricata

ET EXPLOIT CVE-2016-0189 Exploit HFS Actor↗2017-09-07

▶

Suricata

ET EXPLOIT CVE-2016-0189 Exploit↗2017-09-07

▶

Suricata

ET EXPLOIT_KIT Terror EK CVE-2016-0189 Exploit↗2017-04-04

▶

Suricata

ET EXPLOIT_KIT Terror EK CVE-2015-2419 Exploit↗2017-04-04

▶

Suricata

ET EXPLOIT_KIT Terror EK CVE-2016-0189 Exploit M2↗2017-04-04

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Memory Corruption Vulnerability↗2022-03-28

▶

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2016-05-10

▶

🕵️Threat Intelligence

Unit42

The Old and New: Current Trends in Web-based Threats↗2018-06-20

▶

Securelist

The King is dead. Long live the King!↗2018-05-09

▶

💬Community

Bugzilla

CVE-2016-5684 freeimage: XMP Image Handling Code Execution Vulnerability↗2016-10-04

▶