CVE-2016-3245
published 2016-07-13CVE-2016-3245: Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka…
PriorityP335medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
14.57%
96.2th percentile
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_vista_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ghhg-gx8w-v7m2: Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web sit
ghsa_unreviewed·2022-05-14
CVE-2016-3245 [MEDIUM] CWE-284 GHSA-ghhg-gx8w-v7m2: Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web sit
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
Microsoft
Internet Explorer Security Feature Bypass Vulnerability
vendor_msrc·2016-07-12·CVSS 3.5
CVE-2016-3245 [MEDIUM] Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer Security Feature Bypass Vulnerability
Description: A restricted ports security feature bypass vulnerability exists for Internet Explorer. An attacker could take advantage of the vulnerability to trick a user into connecting to a remote system.
To exploit the vulnerability, an attacker would have to either convince a user to visit a malicious website or inject malicious code into a compromised website.
The update addresses the vulnerability by correcting how Internet Explorer validates URLs for restricted ports.
Internet Explorer: Internet Explorer
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely
Reference: https://catalog.update.microsoft.com/v
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/91585http://www.securitytracker.com/id/1036283https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084http://www.securityfocus.com/bid/91585http://www.securitytracker.com/id/1036283https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084
2016-07-13
Published