CVE-2016-3271
published 2016-07-13CVE-2016-3271: The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine…
PriorityP339medium6.5CVSS 3.0
AVNACLPRNUIRSUCHINAN
EPSS
20.87%
97.2th percentile
The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc6.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2016-07-12·CVSS 6.5
CVE-2016-3271 [MEDIUM] Windows Scripting Engine Memory Corruption Vulnerability
Windows Scripting Engine Memory Corruption Vulnerability
Description: An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.
To exploit the vulnerability, an attacker must know the memory address of where the object was created.
The update addresses the vulnerability by changing the way certain functions handle objects in memory.
Microsoft Edge: Microsoft Edge
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3172985
GHSA
GHSA-4fq4-q239-jx7m: The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripti
ghsa_unreviewed·2022-05-14
CVE-2016-3271 [MEDIUM] CWE-200 GHSA-4fq4-q239-jx7m: The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripti
The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/91586http://www.securitytracker.com/id/1036286https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085http://www.securityfocus.com/bid/91586http://www.securitytracker.com/id/1036286https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085
2016-07-13
Published