7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-7240

GHSA ID

GHSA-hh3v-5chw-wgh7

EPSS Score

0.99254%

CWE

CWE-119

Published

5/14/2022

Updated

11/1/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-7240

CVE-2016-7240: ChakraCore RCE Vulnerability

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.

(GitHub Advisory)

7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-7240

GHSA ID

GHSA-hh3v-5chw-wgh7

EPSS Score

0.99254%

CWE

CWE-119

Published

5/14/2022

Updated

11/1/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.ChakraCore	nuget	< 1.2.2	1.2.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical safety checks being added to: 1) eval's CallFlags handling (GlobalObject.cpp), 2) Array prototype methods (JavascriptArray.cpp) adding native array conversions, 3) JSON parser array handling, and 4) ArraySpeciesCreate species validation. These directly correlate to the CWE-119 memory corruption described, with test cases demonstrating type confusion scenarios in filter/splice/eval operations. The patch patterns (EnsureNonNativeArray, CheckAndConvertCopyOnAccess, isDirectEvalCall) indicate these were the vulnerable entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** ***kr* J*v*S*ript s*riptin* *n*in* in Mi*roso*t **** *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** or **us* * **ni*l o* s*rvi** (m*mory *orruption) vi* * *r**t** w** sit*, *k* "S*riptin* *n*in* M*mory *orruption Vuln*r**ility," * *i***r*nt vu

Reasoning

T** *ommit *i** s*ows *riti**l s***ty ****ks **in* ***** to: *) `*v*l`'s **ll*l**s **n*lin* (`*lo**lO*j**t.*pp`), *) `*rr*y` prototyp* m*t*o*s (`J*v*s*ript*rr*y.*pp`) ***in* n*tiv* *rr*y *onv*rsions, *) `JSON` p*rs*r *rr*y **n*lin*, *n* *) `*rr*ySp**

7.5

Basic Information

Concerned about an active attack path?

CVE-2016-7240: ChakraCore RCE Vulnerability

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI