CVE-2016-0189

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 9 through 11 JScript engine version 5.8 VBScript engine versions 5.7 and 5.8

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. This is due to a buffer overflow in the JScript and VBScript engines. The vulnerability could corrupt memory, enabling an attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer versions 9 through 11, update to a version that includes the fix for this issue. For JScript engine version 5.8, consider disabling the engine until a patch is available. For VBScript engine versions 5.7 and 5.8, restrict access to the engine to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of scripts in Internet Explorer until the issue is resolved.