CyberSec.Space Logo
Back to CVE Browser

CVE-2016-0189

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score36.3610%
EPSS Percentile86.33th
PublishedMay 11, 2016
Last ModifiedApr 22, 2026

Vulnerability Description

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Jscript

= 5.8
πŸ“¦
Microsoft

Vbscript

= 5.7
πŸ“¦
Microsoft

Vbscript

= 5.8
πŸ“¦
Microsoft

Internet Explorer

= 9
πŸ“¦
Microsoft

Internet Explorer

= 10
πŸ“¦
Microsoft

Internet Explorer

= 11

References & Advisories

πŸ”— http://www.securityfocus.com/bid/90012
πŸ”— http://www.securitytracker.com/id/1035820
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053
πŸ”— https://www.exploit-db.com/exploits/40118/
πŸ”— https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/
πŸ”— http://www.securityfocus.com/bid/90012
πŸ”— http://www.securitytracker.com/id/1035820

Related Vulnerabilities

CVE-2012-25239.3

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers...

CVE-2009-19209.3

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not pr...

CVE-2008-00839.3

The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4...

CVE-2015-24939.3

The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or caus...