CVE-2016-0158
published 2016-04-12
Priority P336 · medium · 6.5 (CVSS 3.0)
AV:N · AC:L · PR:N · UI:R · S:U · C:N · I:H · A:N
EPSS: 15.08% (96.3th percentile)
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
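| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 6.5 | HIGH | — |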
Microsoft
Microsoft Edge Elevation of Privilege Vulnerability
vendor_msrc·2016-04-12·CVSS 6.5
CVE-2016-0158 [MEDIUM] Microsoft Edge Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.
In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clickin
GHSA
GHSA-mwhv-gjmq-cpjc: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerabil
ghsa_unreviewed·2022-05-14·CVSS 6.5
CVE-2016-0158 [MEDIUM] GHSA-mwhv-gjmq-cpjc: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerabil
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
GHSA
GHSA-43fx-m629-rhfw: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerabil
ghsa_unreviewed·2022-05-14·CVSS 6.5
CVE-2016-0161 [MEDIUM] GHSA-43fx-m629-rhfw: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerabil
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
No detection rules found.
No public exploits indexed.
Unit42
NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
blogs_unit42·2016-01-21·CVSS 8.8
[HIGH] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
By Vicky Ray and Robert Falcone
Published: January 21, 2016
Tags: Malware, Threat Research, NetTraveler, Spear Phishing, Trojan, Ufa, Ufe, Uzbekistan
Unit 42 recently identified a targeted attack against an individual working for the Foreign Ministry of Uzbekistan in China. A spear-phishing email was sent to a diplomat of the Embassy of Uzbekistan who is likely based in Beijing, China. In this report, we’ll review how the actors attempted to exploit CVE-2012-0158 to install the NetTraveler Trojan.
On December 12, 2015, a spear-phishing email was sent to a diplomat of the Embassy of Uzbekistan. The body and subject of the email suggest that the email was spoofed to look like it was sent by the Russian Foreign Ministry and the att
Zscaler
Zscaler found Multiple Security Vulnerabilities | 04-12-2016
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 04-12-2016
http://www.securitytracker.com/id/1035522
http://www.zerodayinitiative.com/advisories/ZDI-16-233
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-038