Executive Summary

Informations
NameCVE-2016-7202First vendor Publication2016-11-10
VendorCveLast vendor Modification2018-10-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Snort® IPS/IDS

DateDescription
2018-08-04Microsoft Edge proxy object type confusion attempt
RuleID : 47083 - Revision : 2 - Type : BROWSER-IE
2018-08-04Microsoft Edge proxy object type confusion attempt
RuleID : 47082 - Revision : 2 - Type : BROWSER-IE
2018-06-21Microsoft Edge proxy object type confusion attempt
RuleID : 46764 - Revision : 1 - Type : BROWSER-IE
2018-06-21Microsoft Edge proxy object type confusion attempt
RuleID : 46763 - Revision : 1 - Type : BROWSER-IE
2018-01-18Microsoft Internet Explorer out of bounds read attempt
RuleID : 45213 - Revision : 2 - Type : BROWSER-IE
2018-01-18Microsoft Internet Explorer out of bounds read attempt
RuleID : 45212 - Revision : 2 - Type : BROWSER-IE
2018-01-18Microsoft Internet Explorer out of bounds read attempt
RuleID : 45211 - Revision : 2 - Type : BROWSER-IE
2018-01-18Microsoft Internet Explorer out of bounds read attempt
RuleID : 45210 - Revision : 2 - Type : BROWSER-IE
2017-08-23Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 43659 - Revision : 1 - Type : BROWSER-IE
2017-08-23Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 43658 - Revision : 1 - Type : BROWSER-IE
2017-08-23Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 43657 - Revision : 1 - Type : BROWSER-IE
2017-08-23Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 43656 - Revision : 1 - Type : BROWSER-IE
2017-07-06Microsoft Edge proxy object type confusion attempt
RuleID : 43111 - Revision : 2 - Type : BROWSER-IE
2017-07-06Microsoft Edge proxy object type confusion attempt
RuleID : 43110 - Revision : 2 - Type : BROWSER-IE
2017-05-09Microsoft Internet Explorer classid remote code execution attempt
RuleID : 42170 - Revision : 3 - Type : BROWSER-IE
2017-05-09Microsoft Internet Explorer classid remote code execution attempt
RuleID : 42169 - Revision : 3 - Type : BROWSER-IE
2017-04-20Microsoft Edge proxy object type confusion attempt
RuleID : 42041 - Revision : 5 - Type : BROWSER-IE
2017-04-20Microsoft Edge proxy object type confusion attempt
RuleID : 42040 - Revision : 5 - Type : BROWSER-IE
2017-02-14Microsoft Internet Explorer classid remote code execution attempt
RuleID : 41211 - Revision : 3 - Type : BROWSER-IE
2017-02-14Microsoft Internet Explorer classid remote code execution attempt
RuleID : 41210 - Revision : 3 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer information disclosure attempt
RuleID : 40993 - Revision : 3 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer information disclosure attempt
RuleID : 40992 - Revision : 3 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer out of bounds read attempt
RuleID : 40989 - Revision : 3 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer out of bounds read attempt
RuleID : 40988 - Revision : 3 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer title integer overflow attempt
RuleID : 40987 - Revision : 4 - Type : BROWSER-IE
2017-01-12Microsoft Internet Explorer title integer overflow attempt
RuleID : 40986 - Revision : 4 - Type : BROWSER-IE
2017-01-10Microsoft Edge iframe information disclosure attempt
RuleID : 40976 - Revision : 2 - Type : BROWSER-IE
2017-01-10Microsoft Edge iframe information disclosure attempt
RuleID : 40975 - Revision : 2 - Type : BROWSER-IE
2017-01-10Microsoft Edge Object.defineProperty type confusion attempt
RuleID : 40970 - Revision : 3 - Type : BROWSER-IE
2017-01-10Microsoft Edge Object.defineProperty type confusion attempt
RuleID : 40969 - Revision : 3 - Type : BROWSER-IE
2017-01-10Microsoft Office hyperlink object out of bounds read attempt
RuleID : 40941 - Revision : 3 - Type : FILE-OFFICE
2017-01-10Microsoft Office hyperlink object out of bounds read attempt
RuleID : 40940 - Revision : 3 - Type : FILE-OFFICE
2016-12-08Microsoft Internet Explorer print preview information disclosure attempt
RuleID : 40722 - Revision : 2 - Type : BROWSER-IE
2016-12-08Microsoft Internet Explorer print preview information disclosure attempt
RuleID : 40721 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Edge proxy object type confusion attempt
RuleID : 40716 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Edge proxy object type confusion attempt
RuleID : 40715 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Edge stack variable memory access attempt
RuleID : 40684 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Edge stack variable memory access attempt
RuleID : 40683 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer classid remote code execution attempt
RuleID : 40670 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer classid remote code execution attempt
RuleID : 40669 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Edge Array.concat type confusion attempt
RuleID : 40662 - Revision : 6 - Type : BROWSER-IE
2016-12-06Microsoft Edge Array.concat type confusion attempt
RuleID : 40661 - Revision : 6 - Type : BROWSER-IE
2016-12-06Microsoft Edge Chakra.dll Array.splice heap overflow attempt
RuleID : 40660 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Edge Chakra.dll Array.splice heap overflow attempt
RuleID : 40659 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt
RuleID : 40656 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer Chakra.dll Array.filter type confusion attempt
RuleID : 40655 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer msSaveBlob use after free attempt
RuleID : 40654 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer msSaveBlob use after free attempt
RuleID : 40653 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Edge webkit directory file disclosure attempt
RuleID : 40652 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Edge webkit directory file disclosure attempt
RuleID : 40651 - Revision : 2 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer Chakra.dll proxy object prototype return type con...
RuleID : 40650 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Internet Explorer Chakra.dll proxy object prototype return type con...
RuleID : 40649 - Revision : 3 - Type : BROWSER-IE
2016-12-06Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 40648 - Revision : 4 - Type : BROWSER-IE
2016-12-06Microsoft Edge JavaScript ReverseHelper buffer overrun attempt
RuleID : 40647 - Revision : 4 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2016-12-13Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms16-144.nasl - Type : ACT_GATHER_INFO
2016-11-08Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms16-129.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/94042
EXPLOIT-DB https://www.exploit-db.com/exploits/40786/
https://www.exploit-db.com/exploits/40793/
MISC http://www.zerodayinitiative.com/advisories/ZDI-16-593
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16...
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16...
SECTRACK http://www.securitytracker.com/id/1037245

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
DateInformations
2018-10-13 05:19:06
  • Multiple Updates
2017-09-03 09:24:06
  • Multiple Updates
2017-07-28 09:22:32
  • Multiple Updates
2016-12-24 00:22:58
  • Multiple Updates
2016-12-23 12:32:18
  • Multiple Updates
2016-12-22 09:24:09
  • Multiple Updates
2016-12-14 13:26:32
  • Multiple Updates
2016-11-29 00:26:37
  • Multiple Updates
2016-11-10 17:24:05
  • Multiple Updates
2016-11-10 12:02:43
  • First insertion