CVE-2016-7201

Published: Nov 10, 2016Modified: Apr 22, 2026CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.

Affected (1)

Products: Microsoft: Edge

1 product

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Microsoft Edge	All versions

Running on/with	Platform Versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1511	All versions
Microsoft Windows 10 1607	All versions
Microsoft Windows Server 2016	All versions

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (15)

http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/94038

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037245

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129

Source: secure@microsoft.com

PatchVendor Advisory

https://github.com/theori-io/chakra-2016-11

Source: secure@microsoft.com

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/40784/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40990/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/140382/Microsoft-Edge-chakra.dll-Information-Leak-Type-Confusion.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/94038

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037245

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/theori-io/chakra-2016-11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.exploit-db.com/exploits/40784/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40990/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7201

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.