7.5
CVSSv3

CVE-2016-7194

Published: 14/10/2016 Updated: 12/10/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Chakra JavaScript engine in Microsoft Edge allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft edge

Exploits

<!-- Source: bugschromiumorg/p/project-zero/issues/detail?id=920 When Functionapply is called in Chakra, the parameter array is iterated through using JavascriptArray::ForEachItemInRange This function accepts a templated parameter, hasSideEffect that allows the function to behave safely in the case that iteration has side effects I ...