cvelistv5 - cve-2016-3247

CVE-2016-3247 (GCVE-0-2016-3247)

Vulnerability from cvelistv5

Published

2016-09-14 10:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

References

URL

Tags

	secure@microsoft.com	http://blog.skylined.nl/20161118002.html
	secure@microsoft.com	http://seclists.org/fulldisclosure/2016/Nov/111
	secure@microsoft.com	http://www.securityfocus.com/archive/1/539779/100/0/threaded
	secure@microsoft.com	http://www.securityfocus.com/bid/92828
	secure@microsoft.com	http://www.securitytracker.com/id/1036788
	secure@microsoft.com	http://www.securitytracker.com/id/1036789
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
	secure@microsoft.com	https://www.exploit-db.com/exploits/40797/
	af854a3a-2127-422b-91ae-364da2661108	http://blog.skylined.nl/20161118002.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Nov/111
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539779/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92828
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036788
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036789
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40797/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:59.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036789",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036789"
          },
          {
            "name": "92828",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92828"
          },
          {
            "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
          },
          {
            "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.skylined.nl/20161118002.html"
          },
          {
            "name": "MS16-104",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
          },
          {
            "name": "MS16-105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
          },
          {
            "name": "1036788",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036788"
          },
          {
            "name": "40797",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40797/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1036789",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036789"
        },
        {
          "name": "92828",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92828"
        },
        {
          "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
        },
        {
          "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.skylined.nl/20161118002.html"
        },
        {
          "name": "MS16-104",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
        },
        {
          "name": "MS16-105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
        },
        {
          "name": "1036788",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036788"
        },
        {
          "name": "40797",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40797/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036789",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036789"
            },
            {
              "name": "92828",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92828"
            },
            {
              "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
            },
            {
              "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
            },
            {
              "name": "http://blog.skylined.nl/20161118002.html",
              "refsource": "MISC",
              "url": "http://blog.skylined.nl/20161118002.html"
            },
            {
              "name": "MS16-104",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
            },
            {
              "name": "MS16-105",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
            },
            {
              "name": "1036788",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036788"
            },
            {
              "name": "40797",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40797/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-3247",
    "datePublished": "2016-09-14T10:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:59.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3247\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2016-09-14T10:59:04.463\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"Microsoft Browser Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, vulnerabilidad tambi\u00e9n conocida como \\\"Microsoft Browser Memory Corruption Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7809F78-8D56-4925-A8F9-4119B973A667\"}]}]}],\"references\":[{\"url\":\"http://blog.skylined.nl/20161118002.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2016/Nov/111\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/539779/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/92828\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1036788\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1036789\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40797/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blog.skylined.nl/20161118002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2016/Nov/111\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/539779/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/92828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40797/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cnvd-2016-07605

Vulnerability from cnvd

Title

Microsoft Internet Explorer和Edge内存破坏漏洞（CNVD-2016-07605）

Description

Microsoft Internet Explorer（IE）和Microsoft Edge都是美国微软（Microsoft）公司开发的Web浏览器。前者是Windows 10之前操作系统附带的默认浏览器，后者是最新操作系统Windows 10附带的默认浏览器。 Microsoft IE和Edge中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中运行任意代码，获取管理员权限。

Severity

中

Patch Name

Microsoft Internet Explorer和Edge内存破坏漏洞（CNVD-2016-07605）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://technet.microsoft.com/library/security/ms16-104

Reference

http://www.securityfocus.com/bid/92828

Impacted products

Name
['Microsoft Internet Explorer 11', 'Microsoft Edge']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92828"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3247"
    }
  },
  "description": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE\u548cEdge\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "SkyLined, working with Trend Micro???s Zero Day Initiative (ZDI)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://technet.microsoft.com/library/security/ms16-104",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-07605",
  "openTime": "2016-09-18",
  "patchDescription": "Microsoft Internet Explorer\uff08IE\uff09\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u7684Web\u6d4f\u89c8\u5668\u3002\u524d\u8005\u662fWindows 10\u4e4b\u524d\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff0c\u540e\u8005\u662f\u6700\u65b0\u64cd\u4f5c\u7cfb\u7edfWindows 10\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft IE\u548cEdge\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u548cEdge\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-07605\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Internet Explorer 11",
      "Microsoft Edge"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/92828",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-14",
  "title": "Microsoft Internet Explorer\u548cEdge\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-07605\uff09"
}

ghsa-9cvr-8gvg-2wq6

Vulnerability from github

Published

2022-05-14 02:24

Modified

2025-04-12 13:04

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3247"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-14T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"",
  "id": "GHSA-9cvr-8gvg-2wq6",
  "modified": "2025-04-12T13:04:07Z",
  "published": "2022-05-14T02:24:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3247"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40797"
    },
    {
      "type": "WEB",
      "url": "http://blog.skylined.nl/20161118002.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92828"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036788"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036789"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-307

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11
Microsoft	Windows	Internet Explorer 11 pour Windows 10

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-104 du 13 septembre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-104 du 13 septembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11 pour Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3324"
    },
    {
      "name": "CVE-2016-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3292"
    },
    {
      "name": "CVE-2016-3375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3375"
    },
    {
      "name": "CVE-2016-3295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3295"
    },
    {
      "name": "CVE-2016-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3297"
    },
    {
      "name": "CVE-2016-3351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3351"
    },
    {
      "name": "CVE-2016-3325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3325"
    },
    {
      "name": "CVE-2016-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3291"
    },
    {
      "name": "CVE-2016-3247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3247"
    },
    {
      "name": "CVE-2016-3353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3353"
    }
  ],
  "initial_release_date": "2016-09-14T00:00:00",
  "last_revision_date": "2016-09-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-104 du 13 septembre    2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-104"
    }
  ],
  "reference": "CERTFR-2016-AVI-307",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-104 du 13 septembre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-308

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge pour Windows 10

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-105 du 13 septembre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-105 du 13 septembre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge pour Windows 10\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3295"
    },
    {
      "name": "CVE-2016-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3297"
    },
    {
      "name": "CVE-2016-3350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3350"
    },
    {
      "name": "CVE-2016-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3294"
    },
    {
      "name": "CVE-2016-3377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3377"
    },
    {
      "name": "CVE-2016-3370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3370"
    },
    {
      "name": "CVE-2016-3351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3351"
    },
    {
      "name": "CVE-2016-3325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3325"
    },
    {
      "name": "CVE-2016-3374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3374"
    },
    {
      "name": "CVE-2016-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3291"
    },
    {
      "name": "CVE-2016-3247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3247"
    },
    {
      "name": "CVE-2016-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3330"
    }
  ],
  "initial_release_date": "2016-09-14T00:00:00",
  "last_revision_date": "2016-09-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-105 du 13 septembre    2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-105"
    }
  ],
  "reference": "CERTFR-2016-AVI-308",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-105 du 13 septembre 2016",
      "url": null
    }
  ]
}

fkie_cve-2016-3247

Vulnerability from fkie_nvd

Published

2016-09-14 10:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	http://blog.skylined.nl/20161118002.html
	secure@microsoft.com	http://seclists.org/fulldisclosure/2016/Nov/111
	secure@microsoft.com	http://www.securityfocus.com/archive/1/539779/100/0/threaded
	secure@microsoft.com	http://www.securityfocus.com/bid/92828
	secure@microsoft.com	http://www.securitytracker.com/id/1036788
	secure@microsoft.com	http://www.securitytracker.com/id/1036789
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
	secure@microsoft.com	https://www.exploit-db.com/exploits/40797/
	af854a3a-2127-422b-91ae-364da2661108	http://blog.skylined.nl/20161118002.html
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Nov/111
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539779/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92828
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036788
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036789
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40797/

Impacted products

	Vendor	Product	Version
	microsoft	edge	-
	microsoft	internet_explorer	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, vulnerabilidad tambi\u00e9n conocida como \"Microsoft Browser Memory Corruption Vulnerability\"."
    }
  ],
  "id": "CVE-2016-3247",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-14T10:59:04.463",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blog.skylined.nl/20161118002.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/92828"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036788"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036789"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://www.exploit-db.com/exploits/40797/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.skylined.nl/20161118002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/40797/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-3247

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-3247

Aliases

CVE-2016-3247

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3247",
    "description": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"",
    "id": "GSD-2016-3247",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-3247"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3247"
      ],
      "details": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\"",
      "id": "GSD-2016-3247",
      "modified": "2023-12-13T01:21:27.327073Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2016-3247",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1036789",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036789"
          },
          {
            "name": "92828",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/92828"
          },
          {
            "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
          },
          {
            "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
          },
          {
            "name": "http://blog.skylined.nl/20161118002.html",
            "refsource": "MISC",
            "url": "http://blog.skylined.nl/20161118002.html"
          },
          {
            "name": "MS16-104",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
          },
          {
            "name": "MS16-105",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
          },
          {
            "name": "1036788",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036788"
          },
          {
            "name": "40797",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40797/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3247"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92828",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/92828"
            },
            {
              "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2016/Nov/111"
            },
            {
              "name": "http://blog.skylined.nl/20161118002.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.skylined.nl/20161118002.html"
            },
            {
              "name": "1036789",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036789"
            },
            {
              "name": "1036788",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036788"
            },
            {
              "name": "40797",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40797/"
            },
            {
              "name": "20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/539779/100/0/threaded"
            },
            {
              "name": "MS16-105",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
            },
            {
              "name": "MS16-104",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-12T22:12Z",
      "publishedDate": "2016-09-14T10:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-3247 (GCVE-0-2016-3247)

Vulnerability from cvelistv5

cnvd-2016-07605

Vulnerability from cnvd

ghsa-9cvr-8gvg-2wq6

Vulnerability from github

CERTFR-2016-AVI-307

Vulnerability from certfr_avis

Solution

CERTFR-2016-AVI-308

Vulnerability from certfr_avis

Solution

fkie_cve-2016-3247

Vulnerability from fkie_nvd

gsd-2016-3247

Vulnerability from gsd

Tags

Sightings

Nomenclature