Published: 14/09/2016 Updated: 12/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

CVSS v3 Base Score: 3.1 | Impact Score: 1.4 | Exploitability Score: 1.6

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Microsoft Internet Explorer 11 and Microsoft Edge allow remote malicious users to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet explorer 11
microsoft edge -

<!-- Source: blogskylinednl/20161110001html Synopsis A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer The size of the read can be controlled through the HTTP response An attacker that is able to get any application that uses WININET ...

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer The size of the read can be controlled through the HTTP response An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose ...

CWE-200 http://www.securityfocus.com/bid/92832 http://www.securitytracker.com/id/1036789 http://www.securitytracker.com/id/1036788 https://www.exploit-db.com/exploits/40747/https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 https://nvd.nist.gov https://www.exploit-db.com/exploits/40747/

CVE-2016-3325

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect