Arbitrary code execution in Microsoft Internet Explorer - CVE-2016-3390
Published: October 12, 2016 / Updated: October 12, 2016
Vulnerability identifier: #VU846
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3390
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer
Microsoft Internet Explorer
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.
The weakness is due to object memory handling error in the Scripting Engine. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
The weakness is due to object memory handling error in the Scripting Engine. By tricking the victim to download a specially crafted file attackers can bypass security restrictions and trigger an arbitrary code to be executed.
Successful exploitatin of the vulnerability leads to arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-3390
Cybersecurity Help is currently unaware of any workarounds addressing the vulnerability.