CVE-2016-0187

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 9 through 11 JScript engine version 5.8 VBScript engine version 5.8

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This occurs when the JScript and VBScript engines handle objects in memory. An attacker could exploit the issue to take control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights, especially if the current user has administrative rights.

Recommendations For Internet Explorer versions 9 through 11, update to a version that includes the fix for the scripting engine memory corruption issue. For JScript engine version 5.8, consider disabling the engine until a patch is available. For VBScript engine version 5.8, restrict the use of the engine to minimize the risk of exploitation.