CVE-2016-7200
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
1.5
Description
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CISA KEV
- Vendor
- Microsoft
- Product
- Edge
- Due date
- 2022-04-18
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2016-7200
Exploits
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | Microsoft.ChakraCore | <1.2.2 | 1.2.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-7200
- https://github.com/chakra-core/ChakraCore/pull/1982
- https://github.com/chakra-core/ChakraCore/commit/c2787ef8fdb7401922e9ec6540e4e5895d11c631
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
- https://github.com/chakra-core/ChakraCore
- https://github.com/theori-io/chakra-2016-11
- https://web.archive.org/web/20210123184454/http://www.securityfocus.com/bid/93968
- https://web.archive.org/web/20211126224744/http://www.securitytracker.com/id/1037245
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7200
- https://www.exploit-db.com/exploits/40785
- https://www.exploit-db.com/exploits/40990
- http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html
- http://www.securityfocus.com/bid/93968
- http://www.securitytracker.com/id/1037245
Verify integrity in audit chain (admin only). AS-IS.