CVE-2016-3204

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 9 through 11 JScript versions 5.8 and 9 VBScript versions 5.7 and 5.8

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to memory corruption in the scripting engines. The vulnerabilities could corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view or modify data, or create new accounts.

Recommendations For Internet Explorer versions 9 through 11, update the JScript and VBScript engines to a version that is not affected by the memory corruption issue. For JScript versions 5.8 and 9, consider disabling the scripting engine until a patch is available. For VBScript versions 5.7 and 5.8, restrict access to the scripting engine to minimize the risk of exploitation.