⚠ Actively exploited

Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions..

CVE-2016-0162 — Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

38.0%

top 2.78%

CISA KEV

KEV

Added 2022-05-24

Due 2022-06-14

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer

Timeline

PublishedApr 12

KEV addedMay 24

KEV dueJun 14

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gq2g-gj23-9684: Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explor↗2022-05-14

▶

CVEList

CVE-2016-0162: Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explor↗2016-04-12

▶

VulnCheck

Microsoft Internet Explorer Information Disclosure Vulnerability↗2016

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Information Disclosure Vulnerability↗2022-05-24

▶

Microsoft

Internet Explorer Information Disclosure Vulnerability↗2016-04-12

▶