Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)

🗓️ 22 Jun 2016 00:00:00Reported by Brian PakType 
exploitpack
 exploitpack👁 135 Views

CVE-2016-0189 VBScript Memory Corruption in IE11 on Windows 1

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (M
22 Jun 201600:00
zdt
GithubExploit		Exploit for Out-of-bounds Write in Microsoft
25 Jun 201601:48
githubexploit
GithubExploit		Exploit for Out-of-bounds Write in Microsoft
22 Jun 201623:03
githubexploit
GithubExploit		Exploit for Out-of-bounds Write in Microsoft
29 Apr 202620:50
githubexploit
ATTACKERKB		CVE-2016-0189
11 May 201600:00
attackerkb
ATTACKERKB		CVE-2016-0187
11 May 201600:00
attackerkb
BDU FSTEC		The vulnerability of JScript and VBScript script handlers in Internet Explorer, related to the execution of operations beyond the buffer boundaries, allows attackers to execute arbitrary code or cause service interruptions.
18 Nov 202100:00
bdu_fstec
Circl		CVE-2016-0189
2 Oct 201616:51
circl
CISA KEV Catalog		Microsoft Internet Explorer Memory Corruption Vulnerability
28 Mar 202200:00
cisa_kev
CNVD		Microsoft JScript and VBScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03119)
12 May 201600:00
cnvd
Rows per page
Source: https://github.com/theori-io/cve-2016-0189

# CVE-2016-0189
Proof-of-Concept exploit for CVE-2016-0189 (VBScript Memory Corruption in IE11)

Tested on Windows 10 IE11.

### Write-up
http://theori.io/research/cve-2016-0189

### To run
1. Download `support/*.dll` (or compile \*.cpp for yourself) and `exploit/*.html` to a directory.
2. Serve the directory using a webserver (or python's simple HTTP server).
3. Browse with a victim IE to `vbscript_bypass_pm.html`.
4. (Re-fresh or re-open in case it doesn't work; It's not 100% reliable.)

Exploit-DB Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40118.zip

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jun 2016 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.93165
microsoft internet explorer 11windows 10vbscript memory corruptioncve-2016-0189memory corruptionexploit-db mirror
135