12 Oct 2016
CVE-2016-3386 Vulnerability
Publié par . Publié dans Memory corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194. (CVSS:9.3) (Last Update:2016-10-14)
Vulnerability Details : The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194. Publish Date : 2016-10-13 Last Update Date : 2016-10-14 - CVSS Scores & Vulnerability Types CVSS Score | 9.3 | Confidentiality Impact | Complete(There is total information disclosure, resulting in all system files being revealed.) | Integrity Impact | Complete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) | Availability Impact | Complete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) | Access Complexity | Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) | Authentication | Not required(Authentication is not required to exploit the vulnerability.) | Gained Access | None | Vulnerability Type(s) | Denial Of ServiceExecute CodeOverflowMemory corruption | CWE ID | 119 | | | - Products Affected By CVE-2016-3386 - Number Of Affected Versions By Product - References For CVE-2016-3386 http://technet.microsoft.com/en-us/security/bulletin/ms16-119 Microsoft Security Bulletin MS16-119 Cumulative Security Update for Microsoft Edge This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities addressed in this bulletin:
- Microsoft Browser Information Disclosure Vulnerability
- Microsoft Browser Memory Corruption Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- Microsoft Browser Elevation of Privilege Vulnerability
- Microsoft Browser Elevation of Privilege Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- MicrosoRelease Date:2016-10-11
| | |
- Metasploit Modules Related To CVE-2016-3386There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
| |