Arbitrary code execution in Microsoft Edge - CVE-2016-3331
Published: October 12, 2016 / Updated: January 23, 2017
Vulnerability identifier: #VU852
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3331
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge
Microsoft Edge
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code execution on the target system.
The weakness is due to insufficient input validation. By tricking the victim to download a specially crafted content attackers can cause a memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability leads to arbitrary code execution on the vulnerable system.
The weakness is due to insufficient input validation. By tricking the victim to download a specially crafted content attackers can cause a memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability leads to arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-3331
Cybersecurity Help is currently unaware of any workarounds addressing the vulnerability.