CVE-2016-7287

HIGH

Microsoft Edge and Internet Explorer 11 - Remote Code Execution via Scripting Engine Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7287. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in ChakraCore's Intl object initialization by redefining Object.defineProperty to intercept and manipulate the Collator property, leading to potential arbitrary code execution.

Description

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/40948

View Code ZIP pw:eip

This exploit leverages a type confusion vulnerability in ChakraCore's Intl object initialization by redefining Object.defineProperty to intercept and manipulate the Collator property, leading to potential arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft ChakraCore (Edge/IE JavaScript engine)

No auth needed

Prerequisites: Victim must visit a malicious webpage or execute the script in a vulnerable ChakraCore environment

MITRE ATT&CK