CVE-2016-3215 — Sensitive Information Exposure in Microsoft Windows 10

CWE-200 — Sensitive Information Exposure9 documents4 sources

Severity

6.5MEDIUMNVD

NVD5.5

EPSS

37.8%

top 2.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

14

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems +11 more

Timeline

PublishedJun 16

Latest updateMay 14

Description

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-32j5-jhjr-4699: Microsoft Windows 8↗2022-05-14

▶

GHSA

GHSA-cg42-27q5-rjhh: Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

3

Microsoft

Windows PDF Information Disclosure Vulnerability↗2016-06-14

▶

Microsoft

Windows PDF Information Disclosure Vulnerability↗2016-06-14

▶

Microsoft

Windows PDF Remote Code Execution↗2016-06-14

▶

🕵️Threat Intelligence

2

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶