Main Vulnerability Database Vulnerabilities #VU143

ASLR bypass vulnerability - CVE-2016-3244

Published: July 14, 2016

Vulnerability identifier: #VU143

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3244

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to improper implementation of Address Space Layout Randomization (ASLR) in Microsoft Edge. A remote attacker can trick the victim to visit malicious webpage, bypass the ASLR security feature and use attempt to exploit another vulnerability.

Successful exploitation of this vulnerability may allow an attacker to use different vulnerabilities in Microsoft Edge to compromise the system.

How to mitigate CVE-2016-3244

To resolve this vulnerability vendor recommends installing the following updates:

Microsoft Edge

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems

Sources

https://technet.microsoft.com/en-us/library/security/MS16-085

ASLR bypass vulnerability - CVE-2016-3244

Detailed vulnerability description

How to mitigate CVE-2016-3244

Sources

Please verify you're human