Multiple vulnerabilities in Microsoft Internet Explorer

Published: 2016-10-11 | Updated: 2017-02-27
Severity High
Patch available YES
Number of vulnerabilities 11
CVE ID CVE-2016-3298
CVE-2016-3267
CVE-2016-3331
CVE-2016-3382
CVE-2016-3383
CVE-2016-3384
CVE-2016-3385
CVE-2016-3387
CVE-2016-3388
CVE-2016-3390
CVE-2016-3391
CWE ID CWE-200
CWE-119
CWE-46
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Vulnerable software Microsoft Internet Explorer Subscribe
Microsoft Edge
Vendor Microsoft

Security Advisory

1) Information disclosure

Severity: High

CVSSv3: 4.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3298

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerablity exists due to improper handling of objects in memory by the Internet Messaging API. A remote attacker can create a specially crafted content, trick the victim into opening it, bypass security restrictions and determine the existence of arbitrary files.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-126

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3267

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to object memory handling error. A remote attacker can create a specially crafted content, trick the victim inro downloading it, trigger memory corruption and determine arbitrary files on the target system.

Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

Microsoft Edge: -

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3331

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness is due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

Microsoft Edge: -

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3382

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

Microsoft Edge: -

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3383

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10, 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3384

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3385

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Privilege Escalation

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3387

CWE-ID: CWE-46 - Path Equivalence: 'filename ' (Trailing Space)

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to improper defense of private namespace by the browser. A remote attacker can create a specially crafted content, trick the victim into downloading it, gain privileged permissions to the namespace directory on the system.

Successful exploitation of the vulnerability will result in privilege escalation on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10, 11

Microsoft Edge: -

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Privilege Escalation

Severity: Low

CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3388

CWE-ID: CWE-46 - Path Equivalence: 'filename ' (Trailing Space)

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness is due to improper defense of private namespace by the browser. A remote attacker can create a specially crafted content, trick the victim into downloading it, gain privileged permissions to the namespace directory on the system.

Successful exploitation of the vulnerability will result in privilege escalation on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10, 11

Microsoft Edge: -

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Memory corruption

Severity: High

CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3390

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Scripting Engine when handling malicious files. A remote attacker can create a specially crafted content, trick the victim into downloading it, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability will result in arbitrary code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Edge: -

Microsoft Internet Explorer: 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

Severity: Low

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3391

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper storage of credential data in memory. A remote attacker can access access a memory dump and get credential information.

Successful exploitation of the vulnerability will result in personal data disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9, 10, 11

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-118
https://technet.microsoft.com/en-us/library/security/ms16-119

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.