Main Vulnerability Database Vulnerabilities #VU1149

Information Disclosure in Microsoft Edge and Microsoft Internet Explorer - CVE-2016-7199

Published: November 9, 2016 / Updated: January 24, 2017

Vulnerability identifier: #VU1149

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-7199

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Edge
Microsoft Internet Explorer

Detailed vulnerability description

A remote attacker can obtain potentially sensitive information.

The vulnerability exists due to incorrect handling of objects in memory. A remote attacker can create a specially crafted web page, trick the victim to open it in browser and obtain browser window state from a different domain.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.

Note: this vulnerability was publicly disclosed.

How to mitigate CVE-2016-7199

Windows 10 for 32-bit Systems:
https://support.microsoft.com/kb/3198585
Windows 10 for x64-based Systems:
https://support.microsoft.com/kb/3198585
Windows 10 Version 1511 for 32-bit Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1511 for x64-based Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1607 for 32-bit Systems:
https://support.microsoft.com/kb/3200970
Windows 10 Version 1607 for x64-based Systems:
https://support.microsoft.com/kb/3200970
Windows Server 2016 for x64-based Systems:
https://support.microsoft.com/kb/3200970

Sources

https://technet.microsoft.com/library/security/MS16-129

Information Disclosure in Microsoft Edge and Microsoft Internet Explorer - CVE-2016-7199

Detailed vulnerability description

How to mitigate CVE-2016-7199

Sources

Please verify you're human