CVE-2016-0059 — Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200 — Sensitive Information Exposure13 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

14.0%

top 5.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedFeb 10

Latest updateMay 14

Description

The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

🔴Vulnerability Details

GHSA

GHSA-pppg-58m8-6m4j: The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory v↗2022-05-14

▶

CVEList

CVE-2016-0059: The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory v↗2016-02-10

▶

🕵️Threat Intelligence

Fortinet

Leaking Browser URL/Protocol Handlers | FortiGuard Labs↗2020-12-03

▶

Fortinet

An Analysis of the DLL Address Leaking Trick used by the “Double Kill” Internet Explorer Zero-Day exploit (CVE-2018-8174)↗2018-08-06

▶

Fortinet

WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server↗2017-06-14

▶

Fortinet

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server↗2017-03-23

▶

Fortinet

Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader↗2016-10-21

▶

💬Community

Bugzilla

CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality↗2016-02-09

▶