Arbitrary code execution in Microsoft Edge - CVE-2016-3382
Published: October 12, 2016 / Updated: January 23, 2017
Vulnerability identifier: #VU853
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3382
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By tricking the victim into downloading specially crafted content, attackers can cause an object memory handling error in the Scripting Engine and execute arbitrary code.
Successful exploitation of the vulnerability will result in arbitrary code execution.
How to mitigate CVE-2016-3382
Cybersecurity Help is currently unaware of any workarounds addressing the vulnerability.