cvelistv5 - CVE-2016-0111

CVE-2016-0111 (GCVE-0-2016-0111)

Vulnerability from cvelistv5

Published

2016-03-09 11:00

Modified

2024-08-05 22:08

Severity ?

CWE

Summary

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.

References

URL

Tags

	secure@microsoft.com	http://www.securityfocus.com/bid/84022
	secure@microsoft.com	http://www.securitytracker.com/id/1035203
	secure@microsoft.com	http://www.securitytracker.com/id/1035204
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024
	secure@microsoft.com	https://www.exploit-db.com/exploits/39663/
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/84022
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035203
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035204
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39663/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:08:13.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "84022",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84022"
          },
          {
            "name": "39663",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39663/"
          },
          {
            "name": "1035204",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035204"
          },
          {
            "name": "MS16-024",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
          },
          {
            "name": "1035203",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035203"
          },
          {
            "name": "MS16-023",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "84022",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84022"
        },
        {
          "name": "39663",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39663/"
        },
        {
          "name": "1035204",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035204"
        },
        {
          "name": "MS16-024",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
        },
        {
          "name": "1035203",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035203"
        },
        {
          "name": "MS16-023",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-0111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "84022",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84022"
            },
            {
              "name": "39663",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39663/"
            },
            {
              "name": "1035204",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035204"
            },
            {
              "name": "MS16-024",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
            },
            {
              "name": "1035203",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035203"
            },
            {
              "name": "MS16-023",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-0111",
    "datePublished": "2016-03-09T11:00:00",
    "dateReserved": "2015-12-04T00:00:00",
    "dateUpdated": "2024-08-05T22:08:13.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-0111\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2016-03-09T11:59:20.747\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"Microsoft Browser Memory Corruption Vulnerability,\\\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer 9 hasta la versi\u00f3n 11 y Microsoft Edge permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \\\"Microsoft Browser Memory Corruption Vulnerability\\\", una vulnerabilidad diferente a CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, y CVE-2016-0113.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD5B232-95EA-4F8E-8C7D-7976877AD243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5808661-A082-4CBE-808C-B253972487B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/84022\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1035203\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1035204\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.exploit-db.com/exploits/39663/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/84022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035204\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/39663/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2016-0111

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-0111

Aliases

CVE-2016-0111

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0111",
    "description": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.",
    "id": "GSD-2016-0111",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-0111"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0111"
      ],
      "details": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.",
      "id": "GSD-2016-0111",
      "modified": "2023-12-13T01:21:17.849495Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2016-0111",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "84022",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/84022"
          },
          {
            "name": "39663",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39663/"
          },
          {
            "name": "1035204",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035204"
          },
          {
            "name": "MS16-024",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
          },
          {
            "name": "1035203",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035203"
          },
          {
            "name": "MS16-023",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-0111"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "84022",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/84022"
            },
            {
              "name": "1035203",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035203"
            },
            {
              "name": "1035204",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035204"
            },
            {
              "name": "39663",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/39663/"
            },
            {
              "name": "MS16-024",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
            },
            {
              "name": "MS16-023",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-12T22:11Z",
      "publishedDate": "2016-03-09T11:59Z"
    }
  }
}

fkie_cve-2016-0111

Vulnerability from fkie_nvd

Published

2016-03-09 11:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securityfocus.com/bid/84022
	secure@microsoft.com	http://www.securitytracker.com/id/1035203
	secure@microsoft.com	http://www.securitytracker.com/id/1035204
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024
	secure@microsoft.com	https://www.exploit-db.com/exploits/39663/
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/84022
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035203
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035204
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39663/

Impacted products

Vendor	Product	Version
microsoft	edge	*
microsoft	internet_explorer	9
microsoft	internet_explorer	10
microsoft	internet_explorer	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113."
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer 9 hasta la versi\u00f3n 11 y Microsoft Edge permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \"Microsoft Browser Memory Corruption Vulnerability\", una vulnerabilidad diferente a CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, y CVE-2016-0113."
    }
  ],
  "id": "CVE-2016-0111",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-09T11:59:20.747",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/84022"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1035203"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1035204"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/39663/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/84022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/39663/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-01572

Vulnerability from cnvd

Title

Microsoft浏览器内存破坏漏洞（CNVD-2016-01572）

Description

Microsoft Internet Explorer（IE）和Microsoft Edge都是美国微软（Microsoft）公司开发的Web浏览器。前者是Windows 10之前操作系统附带的默认浏览器，后者是最新操作系统Windows 10附带的默认浏览器。 Microsoft IE 9版本至11版本和Microsoft Edge中存在远程执行代码漏洞，该漏洞源于程序未能正确访问内存对象。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存破坏。

Severity

高

Patch Name

Microsoft浏览器内存破坏漏洞（CNVD-2016-01572）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://technet.microsoft.com/security/bulletin/MS16-023

Reference

http://technet.microsoft.com/security/bulletin/MS16-023 http://technet.microsoft.com/security/bulletin/MS16-024

Impacted products

Name
['Microsoft Internet Explorer 10', 'Microsoft Internet Explorer 9', 'Microsoft Internet Explorer 11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0111"
    }
  },
  "description": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE 9\u7248\u672c\u81f311\u7248\u672c\u548cMicrosoft Edge\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8bbf\u95ee\u5185\u5b58\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002",
  "discovererName": "Abhishek Arya, Martin Barbella",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS16-023",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01572",
  "openTime": "2016-03-11",
  "patchDescription": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE 9\u7248\u672c\u81f311\u7248\u672c\u548cMicrosoft Edge\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8bbf\u95ee\u5185\u5b58\u5bf9\u8c61\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u7834\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft\u6d4f\u89c8\u5668\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-01572\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Internet Explorer 10",
      "Microsoft Internet Explorer 9",
      "Microsoft Internet Explorer 11"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS16-023\r\nhttp://technet.microsoft.com/security/bulletin/MS16-024",
  "serverity": "\u9ad8",
  "submitTime": "2016-03-10",
  "title": "Microsoft\u6d4f\u89c8\u5668\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-01572\uff09"
}

CERTFR-2016-AVI-088

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ms16-024 du 08 mars 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0123"
    },
    {
      "name": "CVE-2016-0109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0109"
    },
    {
      "name": "CVE-2016-0102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0102"
    },
    {
      "name": "CVE-2016-0116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0116"
    },
    {
      "name": "CVE-2016-0125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0125"
    },
    {
      "name": "CVE-2016-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0105"
    },
    {
      "name": "CVE-2016-0129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0129"
    },
    {
      "name": "CVE-2016-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0124"
    },
    {
      "name": "CVE-2016-0130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0130"
    },
    {
      "name": "CVE-2016-0110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0110"
    },
    {
      "name": "CVE-2016-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0111"
    }
  ],
  "initial_release_date": "2016-03-09T00:00:00",
  "last_revision_date": "2016-03-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-088",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms16-024 du 08 mars 2016",
      "url": "https://technet.microsoft.com/en-us/library/security/ms16-024"
    }
  ]
}

CERTFR-2016-AVI-087

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-023 du 08 mars 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0109"
    },
    {
      "name": "CVE-2016-0106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0106"
    },
    {
      "name": "CVE-2016-0104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0104"
    },
    {
      "name": "CVE-2016-0112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0112"
    },
    {
      "name": "CVE-2016-0107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0107"
    },
    {
      "name": "CVE-2016-0102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0102"
    },
    {
      "name": "CVE-2016-0103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0103"
    },
    {
      "name": "CVE-2016-0105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0105"
    },
    {
      "name": "CVE-2016-0114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0114"
    },
    {
      "name": "CVE-2016-0113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0113"
    },
    {
      "name": "CVE-2016-0110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0110"
    },
    {
      "name": "CVE-2016-0111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0111"
    },
    {
      "name": "CVE-2016-0108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0108"
    }
  ],
  "initial_release_date": "2016-03-09T00:00:00",
  "last_revision_date": "2016-03-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-087",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-023 du 08 mars 2016",
      "url": "https://technet.microsoft.com/en-us/library/security/ms16-023"
    }
  ]
}

ghsa-8cm2-xr5f-hrc3

Vulnerability from github

Published

2022-05-14 02:25

Modified

2025-04-12 12:57

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-09T11:59:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.",
  "id": "GHSA-8cm2-xr5f-hrc3",
  "modified": "2025-04-12T12:57:31Z",
  "published": "2022-05-14T02:25:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0111"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-023"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-024"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39663"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/84022"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035203"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035204"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-0111 (GCVE-0-2016-0111)

Vulnerability from cvelistv5

gsd-2016-0111

Vulnerability from gsd

fkie_cve-2016-0111

Vulnerability from fkie_nvd

cnvd-2016-01572

Vulnerability from cnvd

CERTFR-2016-AVI-088

Vulnerability from certfr_avis

Solution

CERTFR-2016-AVI-087

Vulnerability from certfr_avis

Solution

ghsa-8cm2-xr5f-hrc3

Vulnerability from github

Tags

Sightings

Nomenclature