Main Vulnerability Database Vulnerabilities #VU279

#VU279 Information Disclosure in Microsoft Internet Explorer - CVE-2016-3321

Published: August 10, 2016 / Updated: September 14, 2018

Vulnerability identifier: #VU279

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2016-3321

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Microsoft Internet Explorer

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists when Internet Explorer incorrectly handles web page content. A remote attacker can create a specially crafted web page, trick a victim to open that page in browser and determine presence of specific files on victim’s computer.

Successful exploitation of this vulnerability my allow an attacker to obtain potentially sensitive information.

Remediation

External links

https://technet.microsoft.com/en-us/library/security/ms16-095.aspx