CVE-2016-0194
published 2016-05-11CVE-2016-0194: Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet…
PriorityP432medium5.3CVSS 3.0
AVNACHPRNUIRSUCHINAN
EPSS
15.51%
96.4th percentile
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_msrc5.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9xgw-cmgj-mqqf: Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka
ghsa_unreviewed·2022-05-14
CVE-2016-0194 [MEDIUM] CWE-200 GHSA-9xgw-cmgj-mqqf: Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Microsoft
Internet Explorer Information Disclosure Vulnerability
vendor_msrc·2016-05-10·CVSS 5.3
CVE-2016-0194 [MEDIUM] Internet Explorer Information Disclosure Vulnerability
Internet Explorer Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Internet Explorer does not properly handle file access permissions, which could allow an attacker to disclose the contents of arbitrary files on the user's computer. An attacker who successfully exploited the vulnerability could potentially read data that was not intended to be disclosed. Note that the vulnerability would not allow an attacker to execute code or to elevate a user’s rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system.
In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerabil
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - May 2016
blogs_talos·2016-05-10·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - May 2016
## Microsoft Patch Tuesday - May 2016
This post is authored by Holger Unterbrink .
Patch Tuesday for May 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 16 bulletins addressing 33 vulnerabilities. Eight bulletins are rated critical, addressing vulnerabilities in Edge, Internet Explorer, Office, Graphic Components, VBScript, and Windows Shell. The remaining bulletins are rated important and address vulnerabilities in Internet Explorer, Office, Windows Kernel, IIS, Media Center, Hyper-V, .NET, and several other Windows components.
## Bulletins Rated Critical Vulnerabilities in Microsoft bulletins MS16-051 through MS16-057 and MS16-064 are rated as critical in
Talos
Microsoft Patch Tuesday - May 2016
blogs_talos·2016-05-10·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - May 2016
This post is authored by Holger Unterbrink.
Patch Tuesday for May 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 16 bulletins addressing 33 vulnerabilities. Eight bulletins are rated critical, addressing vulnerabilities in Edge, Internet Explorer, Office, Graphic Components, VBScript, and Windows Shell. The remaining bulletins are rated important and address vulnerabilities in Internet Explorer, Office, Windows Kernel, IIS, Media Center, Hyper-V, .NET, and several other Windows components.
## Bulletins Rated CriticalVulnerabilities in Microsoft bulletins MS16-051 through MS16-057 and MS16-064 are rated as critical in this month's release.
MS16-051and MS16-
Zscaler
Zscaler found Multiple Security Vulnerabilities | 05-11-2016
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 05-11-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/90004http://www.securitytracker.com/id/1035820http://www.zerodayinitiative.com/advisories/ZDI-16-275https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051http://www.securityfocus.com/bid/90004http://www.securitytracker.com/id/1035820http://www.zerodayinitiative.com/advisories/ZDI-16-275https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
2016-05-11
Published