CVE-2016-0189

Published: May 11, 2016Modified: Apr 22, 2026CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Affected (6)

Products: Microsoft: Jscript, Vbscript, Internet Explorer

3 products

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Jscript	Version 5.8
Microsoft Vbscript	Version 5.8

Running on/with	Platform Versions
Microsoft Windows Server 2008	Version r2 sp1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Vbscript	Version 5.7

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 9

Running on/with	Platform Versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 10

Running on/with	Platform Versions
Microsoft Windows Server 2012	All versions

Configuration E

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 11

Running on/with	Platform Versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1511	All versions
Microsoft Windows 7	All versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2012	Version r2