cbcvebase.
CVE-2016-7202
published 2016-11-10

CVE-2016-7202: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of…

PriorityP267high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
73.29%
99.4th percentile
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Affected

5 ranges
VendorProductVersion rangeFixed in
msrcinternet_explorer_10
msrcinternet_explorer_11
msrcinternet_explorer_9
msrcmicrosoft_edge
msrcmicrosoft_windows_hyperlink_object_library

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2016-7202 is a scripting engine memory corruption vulnerability in Internet Explorer; exploitation requires a user to visit a specially crafted website or open a malicious Office/ActiveX document hosting the IE rendering engine
  • Attack vector includes embedding an ActiveX control marked 'safe for initialization' in an Office document or application hosting the IE rendering engine — monitor for IE rendering engine invocations from Office processes
  • Attack vector also includes compromised websites or sites hosting user-provided content/advertisements with specially crafted content — monitor for drive-by download patterns via Internet Explorer
  • CVE-2016-7202 was publicly disclosed before the patch (MS16-144) was available; treat unpatched IE instances as high-risk and prioritize detection of exploitation attempts
  • ·Exploit status from Microsoft MSRC indicates 'Exploitation More Likely' for the latest software release, meaning active exploitation attempts should be anticipated even though no in-the-wild exploitation was confirmed at time of disclosure
  • ·The sources contain PoC exploit code (Exploit-DB 40786, 40793) attributed to related Chakra/jscript9 CVEs (MS16-129), not specifically confirmed for CVE-2016-7202; do not use those PoCs as definitive signatures for this CVE without further validation

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa8.8HIGH
osv8.8HIGH
vulncheck8.8HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.