cbcvebase.
CVE-2016-0193
published 2016-05-11

CVE-2016-0193: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted…

PriorityP273high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.08%
97.1th percentile
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191.

Affected

4 ranges
VendorProductVersion rangeFixed in
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability exists in the Chakra JavaScript engine (Microsoft Edge) — target scripting engine memory corruption via crafted web content
  • Attack vector is a specially crafted website or an ActiveX control marked 'safe for initialization' embedded in an application or Office document hosting the browser rendering engine
  • ·Exploit Status rated 'Exploitation More Likely' for latest software release; no public exploit or in-the-wild exploitation confirmed at time of advisory
  • ·This is a distinct vulnerability from CVE-2016-0186 and CVE-2016-0191, which are also Chakra scripting engine memory corruption issues — ensure detections differentiate between the three

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa7.5HIGH
osv7.5HIGH
vulncheck7.5HIGH
vendor_msrc7.5CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.