Main Vulnerability Database Vulnerabilities #VU1160

Information Disclosure in Microsoft Edge and Microsoft Internet Explorer - CVE-2016-7227

Published: November 9, 2016 / Updated: January 24, 2017

Vulnerability identifier: #VU1160

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7227

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Edge
Microsoft Internet Explorer

Detailed vulnerability description

A remote attacker can obtain potentially sensitive information.

The vulnerability exists due to incorrect handling of objects in memory. A remote attacker can create a specially crafted web page, trick the victim to open it in browser and detect specific files on the user's computer.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.

How to mitigate CVE-2016-7227

Windows 10 for 32-bit Systems:
https://support.microsoft.com/kb/3198585
Windows 10 for x64-based Systems:
https://support.microsoft.com/kb/3198585
Windows 10 Version 1511 for 32-bit Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1511 for x64-based Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1607 for 32-bit Systems:
https://support.microsoft.com/kb/3200970
Windows 10 Version 1607 for x64-based Systems:
https://support.microsoft.com/kb/3200970
Windows Server 2016 for x64-based Systems:
https://support.microsoft.com/kb/3200970

Sources

https://technet.microsoft.com/library/security/MS16-129

Information Disclosure in Microsoft Edge and Microsoft Internet Explorer - CVE-2016-7227

Detailed vulnerability description

How to mitigate CVE-2016-7227

Sources

Please verify you're human