20 Déc 2016
CVE-2016-7297 - CVE Vulnerability
Publié par . Publié dans Memory corruption
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. (CVSS:7.6) (Last Update:2016-12-20)
Vulnerability Details : The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. Publish Date : 2016-12-20 Last Update Date : 2016-12-20 - CVSS Scores & Vulnerability Types CVSS Score | 7.6 | Confidentiality Impact | Complete(There is total information disclosure, resulting in all system files being revealed.) | Integrity Impact | Complete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) | Availability Impact | Complete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) | Access Complexity | High(Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit) | Authentication | Not required(Authentication is not required to exploit the vulnerability.) | Gained Access | None | Vulnerability Type(s) | Denial Of ServiceExecute CodeOverflowMemory corruption | CWE ID | 119 | | | - Products Affected By CVE-2016-7297 - Number Of Affected Versions By Product - References For CVE-2016-7297 http://technet.microsoft.com/en-us/security/bulletin/ms16-145 Microsoft Security Bulletin MS16-145 Microsoft Security Bulletin MS16-145: Cumulative Security Update for Microsoft Edge This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Vulnerabilities addressed in this bulletin:
- Microsoft Edge Memory Corruption Vulnerability
- Microsoft Edge Information Disclosure Vulnerability
- Microsoft Browser Memory Corruption Vulnerability
- Microsoft Edge Information Disclosure Vulnerability
- Microsoft Browser Security Feature Bypass
- Microsoft Browser Information Disclosure Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- Scripting Engine Memory Corruption Vulnerability
- Scripting Engine MemoRelease Date:2016-12-13
| | |
- Metasploit Modules Related To CVE-2016-7297There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
| |