Main Vulnerability Database Vulnerabilities #VU140

Memory corruption in JScript and VBScript in Microsoft products - CVE-2016-3204

Published: July 14, 2016 / Updated: January 20, 2017

Vulnerability identifier: #VU140

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2016-3204

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server
Microsoft Internet Explorer

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error in JScript and VBScript engines render when handling objects in memory in Internet Explorer. A remote attacker can trick a victim to visit malicious webpage and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability will allow an attacker to gain control over affected system.

How to mitigate CVE-2016-3204

To resolve this vulnerability vendor recommends installing the following updates:

Windows Vista

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2

Windows Server 2008

Windows Server 2008 for x32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Memory corruption in JScript and VBScript in Microsoft products - CVE-2016-3204

Detailed vulnerability description

How to mitigate CVE-2016-3204

Sources

Please verify you're human