CVE-2016-3260Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
8.8HIGHNVD
EPSS
20.4%
top 4.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 13
Latest updateMay 14

Description

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
OSV
ChakraCore RCE Vulnerability2022-05-14
GHSA
ChakraCore RCE Vulnerability2022-05-14
CVEList
CVE-2016-3260: The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other pro2016-07-13

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2016-07-12
CVE-2016-3260 — Microsoft vulnerability | cvebase