CVE-2016-7202
published 2016-11-10CVE-2016-7202: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of…
PriorityP267high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
73.29%
99.4th percentile
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_windows_hyperlink_object_library | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2016-7202 is a scripting engine memory corruption vulnerability in Internet Explorer; exploitation requires a user to visit a specially crafted website or open a malicious Office/ActiveX document hosting the IE rendering engine ↗
- →Attack vector includes embedding an ActiveX control marked 'safe for initialization' in an Office document or application hosting the IE rendering engine — monitor for IE rendering engine invocations from Office processes ↗
- →Attack vector also includes compromised websites or sites hosting user-provided content/advertisements with specially crafted content — monitor for drive-by download patterns via Internet Explorer ↗
- →CVE-2016-7202 was publicly disclosed before the patch (MS16-144) was available; treat unpatched IE instances as high-risk and prioritize detection of exploitation attempts ↗
- ·Exploit status from Microsoft MSRC indicates 'Exploitation More Likely' for the latest software release, meaning active exploitation attempts should be anticipated even though no in-the-wild exploitation was confirmed at time of disclosure ↗
- ·The sources contain PoC exploit code (Exploit-DB 40786, 40793) attributed to related Chakra/jscript9 CVEs (MS16-129), not specifically confirmed for CVE-2016-7202; do not use those PoCs as definitive signatures for this CVE without further validation ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa8.8HIGH
osv8.8HIGH
vulncheck8.8HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7201 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7203 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7200 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7208 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7243 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7240 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7201 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7200 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7242 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7208 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7202 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 8.8
CVE-2016-7202 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7242 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7203 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7243 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
OSV
ChakraCore RCE Vulnerability
osv·2022-05-14·CVSS 8.8
CVE-2016-7240 [HIGH] ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2016·CVSS 8.8
CVE-2016-7203 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Affected: Microsoft Edge
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dl.acm.org/doi/pdf/10.1145/3465481.3465758
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2016·CVSS 8.8
CVE-2016-7242 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
Affected: Microsoft Edge
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dl.acm.org/doi/pdf/10.1145/3465481.3465758
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2016-11-08·CVSS 4.2
CVE-2016-7202 [HIGH] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
No detection rules found.
Exploit-DB
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
exploitdb·2016-11-21·CVSS 7.5
CVE-2016-7202 [HIGH] Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)
---
k
ChildEBP RetAddr
0328fab0 6a589768 jscript9!Recycler::ScanObject+0x23
0328facc 6a58973a jscript9!Recycler::TryMarkBigBlockList+0x22
0328faf0 6a589d83 jscript9!Recycler::ScanArena+0x7a
0328fb24 6a585f4c jscript9!Recycler::BackgroundFindRoots+0x8e
0328fb34 6a561263 jscript9!Recycler::DoBackgroundWork+0x103
0328fb60 6a6b162c jscript9!Recycler::ThreadProc+0xd1
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Windows\system32\msvcrt.dll -
0328fb98 775c1287 jscript9!Recycler::StaticThreadProc+0x1c
WARNING: Stack unwind information not available. Following frames may be wrong.
0328fbd0 775c1328 msvcrt!itow_s+0x4c
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\Windows\
Exploit-DB
Microsoft Edge - 'Array.reverse' Overflow
exploitdb·2016-11-18
CVE-2016-7202 Microsoft Edge - 'Array.reverse' Overflow
Microsoft Edge - 'Array.reverse' Overflow
---
left = ((uint32)length) - (seg->left + seg->length);
Can become a very large value (as length is larger than seg->length and seg->left is generally 0). This can cause the segment length to become larger than the segment size the next time SparseArraySegmentBase::EnsureSizeInBound is called, as the method contains the following code:
uint32 nextLeft = next ? next->left : JavascriptArray::MaxArrayLength;
Assert(nextLeft > left);
if(size != 0)
{
size = min(size, nextLeft - left);
}
nextLeft can be smaller than the segment length if next is null and left is very large, leading size to be set to a small value which is less than the segment length. Many other methods, including setting an element of an array assume that size is less than lengt
Talos
Microsoft Patch Tuesday - December 2016
blogs_talos·2016-12-13·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash Player. The remaining seven bulletins are rated important and address vulnerabilities in various Windows components including kernel, crypto driver, and installer.
### Bulletins Rated Critical Microsoft bulletins MS16-144 through MS16-148 and MS16-154 are rated as critical in this month's release.
MS16-144 is the Internet Explorer bulletin for this month. It addresses a total of ni
Talos
Microsoft Patch Tuesday - December 2016
blogs_talos·2016-12-13·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - December 2016
## Microsoft Patch Tuesday - December 2016
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash Player. The remaining seven bulletins are rated important and address vulnerabilities in various Windows components including kernel, crypto driver, and installer.
## Bulletins Rated Critical Microsoft bulletins MS16-144 through MS16-148 and MS16-154 are rated as critical in this month's release.
MS16-144 is the Internet Explorer bulletin
Qualys
Microsoft Ends 2016 with 15% Increase in Bulletin Volume
blogs_qualys·2016-12-13·CVSS 7.5
[HIGH] Microsoft Ends 2016 with 15% Increase in Bulletin Volume
Happy December! In this last Patch Tuesday installment for 2016, Microsoft released 12 security bulletins which brings the 2016 yearly count to 155. This is about 15% higher than last year. Out of more than 3 billion scans that Qualys performs each year we saw an increase of about 20% in the total number of Microsoft vulnerabilities. This increase can be attributed to an increase in the volume of scanning and to the 15% increase in number of Microsoft bulletins. But the year is not over and I will come up with the normalized number after the year ends.
Out of the 12 Patch Tuesday security bulletins for today, which includes one for Adobe, half are assigned a Critical rating while the other half are important.
Starting with browsers, the Internet Explorer update MS16-144 fixes 3 vulnerabi
Qualys
Microsoft Ends 2016 with 15% Increase in Bulletin Volume | Qualys
blogs_qualys·2016-12-13·CVSS 7.5
[HIGH] Microsoft Ends 2016 with 15% Increase in Bulletin Volume | Qualys
Happy December! In this last Patch Tuesday installment for 2016, Microsoft released 12 security bulletins which brings the 2016 yearly count to 155. This is about 15% higher than last year. Out of more than 3 billion scans that Qualys performs each year we saw an increase of about 20% in the total number of Microsoft vulnerabilities. This increase can be attributed to an increase in the volume of scanning and to the 15% increase in number of Microsoft bulletins. But the year is not over and I will come up with the normalized number after the year ends.
Out of the 12 Patch Tuesday security bulletins for today, which includes one for Adobe, half are assigned a Critical rating while the other half are important.
Starting with browsers, the Internet Explorer update MS16-144 fixes 3 vulnerabi
Zscaler
Zscaler found Multiple Security Vulnerabilities | 12-13-2016
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 12-13-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/94042http://www.securitytracker.com/id/1037245http://www.zerodayinitiative.com/advisories/ZDI-16-593https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144https://www.exploit-db.com/exploits/40786/https://www.exploit-db.com/exploits/40793/http://www.securityfocus.com/bid/94042http://www.securitytracker.com/id/1037245http://www.zerodayinitiative.com/advisories/ZDI-16-593https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144https://www.exploit-db.com/exploits/40786/https://www.exploit-db.com/exploits/40793/
2016-11-10
Published