返回 CVE 瀏覽器

CVE-2016-0189

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score36.3610%

EPSS Percentile86.33th

Published2016年5月11日

Last Modified2026年4月22日

Vulnerability Description

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Affected Platforms (CPE)

📦

Microsoft

Jscript

= 5.8

📦

Microsoft

Vbscript

= 5.7

📦

Microsoft

Vbscript

= 5.8

📦

Microsoft

Internet Explorer

= 9

📦

Microsoft

Internet Explorer

= 10

📦

Microsoft

Internet Explorer

= 11

References & Advisories

🔗 http://www.securityfocus.com/bid/90012

🔗 http://www.securitytracker.com/id/1035820

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053

🔗 https://www.exploit-db.com/exploits/40118/

🔗 https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/

🔗 http://www.securityfocus.com/bid/90012

🔗 http://www.securitytracker.com/id/1035820

相關漏洞威脅

CVE-2012-25239.3

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers...

CVE-2009-19209.3

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not pr...

CVE-2008-00839.3

The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4...

CVE-2015-24939.3

The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or caus...