CVE-2016-0189

HIGH KEV RANSOMWARE

Microsoft JScript/VBScript <5.8 - RCE

Title source: llm

Description

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Exploits (4)

exploitdb WORKING POC
by Brian Pak · textlocalwindows
https://www.exploit-db.com/exploits/40118
nomisec WORKING POC 114 stars
by theori-io · client-side
https://github.com/theori-io/cve-2016-0189
nomisec WORKING POC 3 stars
by deamwork · client-side
https://github.com/deamwork/MS16-051-poc
metasploit WORKING POC NORMAL
by Theori · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms16_051_vbscript.rb

References (7)

Scores

CVSS v3 7.5
EPSS 0.9078
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-28
VulnCheck KEV 2016-05-10
InTheWild.io 2016-05-10
ENISA EUVD EUVD-2016-0226
Ransomware Use Confirmed
CWE
CWE-787
Status published
Products (6)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
microsoft/jscript 5.8
microsoft/vbscript 5.7
microsoft/vbscript 5.8
Published May 11, 2016
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026