HTTP: Microsoft Edge CVE-2016-7287 Security Bypass

A type confusion vulnerability exists in Microsoft Internet Explorer and Edge. This vulnerability is due to improper objects access in memory. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Extended Description

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Affected Products

Microsoft edge

References

BugTraq: 94722

CVE: CVE-2016-7287

Short Name
HTTP:STC:IE:MS-IE-CONFUSION-VUL
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2016-7287 Edge Microsoft Security bid:94722
Release Date
12/13/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.6

Found a potential security threat?