cbcvebase.
CVE-2016-7203
published 2016-11-10

CVE-2016-7203: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

Priority: P2 · 79 · high · 7.5 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit status: ITW exploit · VulnCheck KEV · Exploited in the wild
EPSS: 64.89% (99.1st percentile)
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Affected (7 ranges; the version-range and fixed-in columns are empty on the source page)

Vendor | Product
msrc | microsoft_edge_on_windows_10_for_32-bit_systems
msrc | microsoft_edge_on_windows_10_for_x64-based_systems
msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrc | microsoft_edge_on_windows_server_2016

Detection & IOCs (extracted from sources)

Fix references (Microsoft Update Catalog):
  • KB3198585: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198585
  • KB3198586: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3198586
  • KB3200970: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3200970
  • The vulnerability is triggered by a crafted web page that exploits a heap overflow in Array.prototype.splice in Microsoft Edge's Chakra scripting engine. Monitor for JavaScript that invokes splice through .call (the public PoC uses j.splice.call) with a large spread argument on an array whose length has been manipulated (e.g., set to 0xfffffffe).
  • The exploit uses Object.defineProperty to override 'constructor' so that the array's length is changed to 0xfffffffe while the splice operation is in progress, producing an out-of-bounds write. Flag JavaScript that combines a defineProperty override of 'constructor' with an extreme array-length assignment.
  • The vulnerability lies in how the scripting engine handles objects in memory. Besides a crafted web page, an attacker may embed an ActiveX control marked 'safe for initialization' in an Office document to trigger the vulnerability without the victim opening a page in the browser.
  • One extracted source describes the affected component as Internet Explorer's scripting engine, but the CVE description, the MSRC affected-product list above, and the public PoC all identify Microsoft Edge's Chakra engine; treat Microsoft Edge as the affected product.
  • The exploit-db PoC (40787), titled as a Microsoft Edge Array.splice heap overflow, is publicly available, while MSRC's original assessment listed 'Publicly Disclosed: No; Exploited: No'. That MSRC status reflects the advisory at release time; the in-the-wild and VulnCheck KEV flags above record later exploitation. Treat the public PoC and the KEV listing as risk factors when prioritizing detection and patching.
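The detection notes above name three traits of the CVE-2016-7203 PoC pattern: a defineProperty override of 'constructor', splice invoked via .call/.apply with a spread argument, and an array length assignment of 0xfffffffe. The following is an added example, not code from the CVE page, the PoC, or Microsoft, of a static triage heuristic that scores JavaScript source against those three traits. The 0x7fffffff threshold for an "extreme" length, the rule names, and the two sample scripts are assumptions constructed for illustration; the suspicious sample only imitates the shape the notes describe and is not the public PoC. Signature matching of this kind is easily evaded by obfuscation, so treat it as a prioritization aid, not a detector of record.

```javascript
"use strict";

// Assumption: a page script never legitimately sets a dense array length at or above 2^31 - 1.
const EXTREME_LENGTH = 0x7fffffff;

// Regex rules for the two structural traits described in the detection notes.
const RULES = [
  {
    id: "defineProperty-constructor",
    why: "Object.defineProperty overriding 'constructor' (the species hook the PoC abuses)",
    // Object.defineProperty(<target>, 'constructor' | "constructor", ...
    re: /Object\s*\.\s*defineProperty\s*\(\s*[^,]+,\s*(['"])constructor\1/g,
  },
  {
    id: "splice-call-spread",
    why: "splice invoked via .call/.apply with a spread argument",
    re: /\.splice\s*\.\s*(?:call|apply)\s*\([^)]*\.\.\./g,
  },
];

// Parse a hex or decimal numeric literal.
function parseLengthLiteral(text) {
  return /^0x/i.test(text) ? parseInt(text, 16) : parseInt(text, 10);
}

// Find ".length = <literal>" assignments whose value is implausibly large.
function findExtremeLengths(source) {
  const out = [];
  const re = /\.length\s*=\s*(0x[0-9a-f]+|\d+)\b/gi;
  let m;
  while ((m = re.exec(source)) !== null) {
    const value = parseLengthLiteral(m[1]);
    if (value >= EXTREME_LENGTH) out.push({ literal: m[1], value });
  }
  return out;
}

// Scan one script; the score is the number of distinct traits that fired (0..3).
function scanScript(source) {
  const findings = [];
  for (const rule of RULES) {
    const hits = source.match(rule.re);
    if (hits) findings.push({ id: rule.id, why: rule.why, count: hits.length });
  }
  const lengths = findExtremeLengths(source);
  if (lengths.length) {
    findings.push({
      id: "extreme-array-length",
      why: "array length set to " + lengths.map((l) => l.literal).join(", "),
      count: lengths.length,
    });
  }
  return { score: findings.length, findings };
}

// Constructed sample that imitates the shape the detection notes describe (not the PoC;
// it does not trigger the bug).
const SUSPICIOUS = `
var j = [];
j.length = 0x100;
Object.defineProperty(j, 'constructor', { get: function () { j.length = 0xfffffffe; return Array; } });
var spread = new Array(0x1000).fill(1);
j.splice.call(j, 0, 0, ...spread);
`;

// Constructed benign sample: ordinary splice and defineProperty usage.
const BENIGN = `
var items = [1, 2, 3];
items.splice(1, 1);
Object.defineProperty(items, 'tag', { value: 'x' });
`;

console.log(scanScript(SUSPICIOUS)); // score 3, all three traits
console.log(scanScript(BENIGN));     // score 0
```

A score of 3 on a script served from a low-reputation origin is worth pulling for analysis; a score of 1 from the length rule alone will also fire on some legitimate code (for example, sparse-array tricks), so weight the combination rather than any single trait.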

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C
ghsa | - | 8.8 | HIGH | -
osv | - | 8.8 | HIGH | -
vulncheck | - | 8.8 | HIGH | -
vendor_msrc | - | 4.2 | MEDIUM | -