cbcvebase.
CVE-2016-0162
published 2016-04-12

Priority: P275, medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
KEV: CISA Known Exploited Vulnerability, due 2022-06-14
ITW: Exploited in the wild
EPSS: 22.09% (97.4th percentile)

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

Affected

19 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| microsoft | internet_explorer | | |
| msrc | internet_explorer_10_on_windows_server_2012 | | |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | | |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | | |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_rt_8.1 | | |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | | |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | | |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | | |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | | |
| msrc | internet_explorer_9_on_windows_vista_service_pack_2 | | |
| msrc | internet_explorer_9_on_windows_vista_x64_edition_service_pack_2 | | |

Detection & IOCs (extracted from sources)

  • Vulnerability is actively exploited in the wild (Exploited:Yes per MSRC); monitor for crafted JavaScript probing file existence via Internet Explorer 9–11
  • Attack vector is web-based: attacker hosts or compromises a website delivering specially crafted JavaScript to IE 9–11 users; look for drive-by or social-engineering lure traffic to suspicious domains targeting IE clients
  • The exploit leverages improper JavaScript handling in IE to detect specific files on the victim's filesystem; hunt for JS that enumerates local file paths (e.g., using error-based timing or exception side-channels on file:// or res:// URIs)
  • Affected scope is Internet Explorer versions 9 through 11 only; other browsers are not affected by this CVE
  • The fix restricts what information is returned to Internet Explorer from JavaScript; patched systems should no longer leak file-existence data, reducing the value of this as a recon primitive

CVSS provenance

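| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vulncheck | | 4.3 | MEDIUM | |
| cisa | | 4.3 | MEDIUM | |
| vendor_msrc | | 4.3 | LOW | |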