CVE-2016-3260

Loading...

General

Score:9.3/10.0
Severity:High
Category:Buffer Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-3204, CVE-2016-3238, CVE-2016-3239, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016-3244, CVE-2016-3245, CVE-2016-3246, CVE-2016-3248, CVE-2016-3249, CVE-2016-3250, CVE-2016-3251, CVE-2016-3252, CVE-2016-3254, CVE-2016-3255, CVE-2016-3256, CVE-2016-3258, CVE-2016-3259, CVE-2016-3261, CVE-2016-3264, CVE-2016-3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3272, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277, CVE-2016-3286, CVE-2016-3287

Published on 13/07/16 - Updated on 13/10/18

Description

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2016-3260
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-228, CERTFR-2016-AVI-229
Microsoft MS16-084, MS16-085
Microsoft 3163912, 3170106, 3172985

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftedge
microsoftinternet_explorer

Share this vulnerability with:

Twitter Facebook LinkedIn Mail