#VU1152 Heap-based buffer overflow in Microsoft Edge and Microsoft Internet Explorer - CVE-2016-7202

 


Published: November 9, 2016 / Updated: September 14, 2018


Vulnerability identifier: #VU1152
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2016-7202
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
Microsoft Edge
Microsoft Internet Explorer
Software vendor:
Microsoft

Description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of the JavaScript Array.reverse method in chakra.dll. A remote attacker can create a specially crafted web page or Microsoft Office file with an embedded malicious ActiveX component, trick the victim into opening it in a browser, cause a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the vulnerable system with the privileges of the current user.


Remediation

Windows 10 for 32-bit Systems:
https://support.microsoft.com/kb/3198585
Windows 10 for x64-based Systems:
https://support.microsoft.com/kb/3198585
Windows 10 Version 1511 for 32-bit Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1511 for x64-based Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1607 for 32-bit Systems:
https://support.microsoft.com/kb/3200970
Windows 10 Version 1607 for x64-based Systems:
https://support.microsoft.com/kb/3200970
Windows Server 2016 for x64-based Systems:
https://support.microsoft.com/kb/3200970


External links