Main Vulnerability Database Exploits ID:1891 - Exploit for Scripting engine memory corruption - CVE-2016-7201

ID:1891 - Exploit for Scripting engine memory corruption - CVE-2016-7201

Published: March 18, 2020

Vulnerability identifier: #VU1151

Vulnerability risk: High

CVE-ID: CVE-2016-7201

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:

Link to public exploit:

https://github.com/theori-io/chakra-2016-11

Vulnerability description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of objects in memory within Microsoft scripting engines render. A remote attacker can create a specially crafted web page or Microsoft Office file with embedded malicious ActiveX component, trick the victim to open it in browser and cause memory corruption.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable system with privileges of the current user.

Remediation

Windows 10 for 32-bit Systems:
https://support.microsoft.com/kb/3198585
Windows 10 for x64-based Systems:
https://support.microsoft.com/kb/3198585
Windows 10 Version 1511 for 32-bit Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1511 for x64-based Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1607 for 32-bit Systems:
https://support.microsoft.com/kb/3200970
Windows 10 Version 1607 for x64-based Systems:
https://support.microsoft.com/kb/3200970
Windows Server 2016 for x64-based Systems:
https://support.microsoft.com/kb/3200970

ID:1891 - Exploit for Scripting engine memory corruption - CVE-2016-7201

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human