| Revision Date: | 2016-07-29 | Version: | 31 |
| Title: | Scripting Engine Memory Corruption Vulnerability - CVE-2016-3202 (MS16-063/MS16-068) |
| Description: | The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2016-3202
|
| Platform(s): | Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
| Product(s): | JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
|
| Definition Synopsis |
| Check for installation of vulnerable IE + vulnerable Windows OS + vulnerable file + vulnerable file version VBScript/JScript is installed
VBScript 5.8 is installed
OR JScript 5.8 is installed
AND IE is installed + Windows OS is installed + file version
IE10 is installed + Windows OS + file version
Microsoft Internet Explorer 10 is installed
AND Microsoft Windows Server 2012 is installed + file version
Microsoft Windows Server 2012 (64-bit) is installed
OR IE11 is installed + Windows OS + file version
Microsoft Internet Explorer 11 is installed
AND Windows OS is installed + file version
Check for installation of vulnerable Edge + vulnerable Windows OS + vulnerable file + vulnerable file version
Microsoft Edge is installed + Windows OS + file version
Microsoft Edge is installed
AND Windows OS is installed + file version
Microsoft Windows 10 is installed + file version
Check if chakra.dll version is less than 11.0.10240.16942
OR Microsoft Windows 10 Version 1511 is installed + file version
Check if chakra.dll version is less than 11.0.10586.420
|