CVE-2016-3212
published 2016-06-16CVE-2016-3212: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct…
PriorityP275medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
10.15%
95.1th percentile
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_vista_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_vista_x64_edition_service_pack_2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists in the XSS Filter of Internet Explorer 9 through 11, which does not properly identify/validate JavaScript — look for crafted web requests targeting IE clients with obfuscated or malformed JavaScript payloads that may bypass the XSS filter ↗
- →Exploitation results in code execution at medium-integrity level (current user permissions) — process integrity level monitoring on iexplore.exe spawning unexpected child processes may indicate post-exploitation activity ↗
- →Attack vector is web-based; monitor for users being directed to attacker-controlled or compromised websites hosting specially crafted content targeting IE 9–11 XSS filter bypass ↗
- ·Patch KB3160005, KB3163017, and KB3163018 address this vulnerability; unpatched IE 9–11 installations remain at risk — verify patch deployment status ↗
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck6.1MEDIUM
vendor_msrc6.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vp2j-xqjh-hqj9: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduc
ghsa_unreviewed·2022-05-14
CVE-2016-3212 [MEDIUM] CWE-79 GHSA-vp2j-xqjh-hqj9: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduc
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
VulnCheck
Microsoft Internet Explorer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2016·CVSS 6.1
CVE-2016-3212 [MEDIUM] Microsoft Internet Explorer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Microsoft Internet Explorer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-landscape-report-2h-2023.pdf
Microsoft
Internet Explorer XSS Filter Vulnerability
vendor_msrc·2016-06-14·CVSS 6.1
CVE-2016-3212 [MEDIUM] Internet Explorer XSS Filter Vulnerability
Internet Explorer XSS Filter Vulnerability
Description: A remote code execution vulnerability exists when the Internet Explorer XSS Filter does not properly validate JavaScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user).
In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.
However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take acti
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/91105http://www.securitytracker.com/id/1036096https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063http://www.securityfocus.com/bid/91105http://www.securitytracker.com/id/1036096https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063
2016-06-16
Published
Exploited in the wild