Vulnerability Details CVE-2016-3351
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.594
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 2.6
Proposed Action
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Ransomware Campaign
Known
References
- http://www.securityfocus.com/bid/92788
- http://www.securitytracker.com/id/1036788
- http://www.securitytracker.com/id/1036789
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
- https://www.brokenbrowser.com/detecting-apps-mimetype-malware/
- http://www.securityfocus.com/bid/92788
- http://www.securitytracker.com/id/1036788
- http://www.securitytracker.com/id/1036789
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
- https://www.brokenbrowser.com/detecting-apps-mimetype-malware/
Products affected by CVE-2016-3351
-
cpe:2.3:a:microsoft:edge:-
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1511:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_vista:-