Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2016-3351

Published: 14/09/2016 Updated: 12/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 3.1 | Impact Score: 1.4 | Exploitability Score: 1.6
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Subscribe to Edge

Vulnerability Summary

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote malicious users to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft edge -

microsoft internet explorer 9

microsoft internet explorer 10

microsoft internet explorer 11

Recent Articles

Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks
The Register • Darren Pauli • 08 Dec 2016

Same group compromised a million users A DAY.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors. The news sites are not at direct fault as they d...

Read more...
Researcher says Patch Tuesday fix should have been made earlier
The Register • Darren Pauli • 16 Sep 2016

Alleges attack allowing targeted Trojans was known long before Redmond's wranglers roped it

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability it knew of since last year, and may only have pulled the patching trigger after a spate of banking trojan attacks. The attacks utilised the low-level flaw (CVE-2016-3351) for cloaking purposes among an arsenal of exploits. The earliest attacks using the since-defeated exploit date back to January 2014, and as recently as July when it was stopped by Kafeine and others. The most recent of the malvertisi...

Read more...

References

CWE-200https://www.brokenbrowser.com/detecting-apps-mimetype-malware/http://www.securityfocus.com/bid/92788http://www.securitytracker.com/id/1036789http://www.securitytracker.com/id/1036788https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104https://nvd.nist.govhttps://www.theregister.co.uk/2016/12/08/masterful_malvertisers_pwn_channel_9_sky_msn_in_stealth_attacks/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook