Memory corruption vulnerability - CVE-2016-3246
Published: July 14, 2016
Vulnerability identifier: #VU145
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3246
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
A remote attacker can execute arbitrary code on the target system.
The vulnerability resides within InjectHtmlStream. A remote attacker can create manipulate document elements and read portions of memory or cause memory corruption.
Successful exploitation may allow a remote attacker to execute arbitrary code on the target system with privileges of current user.
How to mitigate CVE-2016-3246
To resolve this vulnerability vendor recommends installing the following updates:
Microsoft Edge
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems