cbcvebase.
CVE-2016-7241
published 2016-11-10

CVE-2016-7241: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

PriorityP267high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
71.49%
99.3th percentile
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Affected

19 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
msrcinternet_explorer_11_on_windows_10_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_x64-based_systems
msrcinternet_explorer_11_on_windows_8.1_for_32-bit_systems
msrcinternet_explorer_11_on_windows_8.1_for_x64-based_systems
msrcinternet_explorer_11_on_windows_rt_8.1
msrcinternet_explorer_11_on_windows_server_2012_r2
msrcinternet_explorer_11_on_windows_server_2016
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems
msrcmicrosoft_edge_on_windows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

commandJSON.parse("[1, 2, [4, 5]]", f)
  • The exploit abuses the JSON.parse reviver callback (second argument) to trigger an info leak / memory corruption in Microsoft Edge. Monitor for JavaScript using JSON.parse with a reviver function that modifies array elements and reads back shifted numeric values (>> 1) to leak memory addresses.
  • Exploitation vector is a specially crafted website delivered via browser. Attacker must convince user to visit via email/IM enticement or compromised/ad-hosting sites. Monitor for drive-by download patterns targeting IE11/Edge user-agents.
  • ·Internet Explorer running in Enhanced Security Configuration (ESC) on Windows Server 2008/2008 R2/2012/2012 R2 reduces exploitation likelihood; sites not in the Trusted Sites zone are mitigated by default.
  • ·EMET can help mitigate exploitation attempts against IE on systems where it is installed and configured to work with Internet Explorer.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.