CVE-2016-3244
published 2016-07-13CVE-2016-3244: Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
PriorityP428medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
EPSS
18.75%
96.9th percentile
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9225-3g2q-3g5g: Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass
ghsa_unreviewed·2022-05-14
CVE-2016-3244 [MEDIUM] CWE-284 GHSA-9225-3g2q-3g5g: Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability
vendor_msrc·2016-07-12·CVSS 4.3
CVE-2016-3244 [MEDIUM] Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Edge does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability.
An attacker who successfully exploited this vulnerability could bypass the ASLR security feature, which protects users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability tha
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/91599http://www.securitytracker.com/id/1036286https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085http://www.securityfocus.com/bid/91599http://www.securitytracker.com/id/1036286https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085
2016-07-13
Published