CVE-2016-3260: Improper Restriction of Operations within the Bounds of a Memory Buffer
(updated )
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.”
References
- docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084
- docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085
- github.com/advisories/GHSA-h6g3-73h7-chxp
- github.com/chakra-core/ChakraCore/commit/17f3d4a4852dcc9e48de7091685b1862afb9f307
- github.com/chakra-core/ChakraCore/pull/1291
- nvd.nist.gov/vuln/detail/CVE-2016-3260
- web.archive.org/web/20210123150650/http://www.securityfocus.com/bid/91580
- web.archive.org/web/20211202003833/http://www.securitytracker.com/id/1036283
Detect and mitigate CVE-2016-3260 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →