Main
Vulnerability Database
Exploits
ID:421 - Exploit for Memory corruption in Microsoft Edge - CVE-2016-7189
ID:421 - Exploit for Memory corruption in Microsoft Edge - CVE-2016-7189
Published: March 18, 2020
Vulnerability identifier: #VU856
Vulnerability risk: Critical
CVE-ID: CVE-2016-7189
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
Microsoft Edge
Microsoft Edge
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability will result in arbitrary code execution.
Note: the vulnerability was being actively exploited.
The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability will result in arbitrary code execution.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.