CVE-2016-7297 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents5 sources
Severity
7.5HIGHNVD
EPSS
33.2%
top 3.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 20
Latest updateMay 14
Description
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages5 packages
🔴Vulnerability Details
4GHSA▶
GHSA-2hhv-v3hc-2xgx: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte↗2022-05-14
GHSA▶
GHSA-p2px-4wm4-xfwj: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte↗2022-05-14
GHSA▶
GHSA-5crh-v7jp-727c: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte↗2022-05-14
GHSA▶
GHSA-9h64-hvgq-263q: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte↗2022-05-14