CVE-2016-3288
Published 2016-08-09
Priority P264 · high · 7.5 CVSS 3.0
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 51.80% (98.8th percentile)
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 3.13.0-101.148 | 3.13.0-101.148 |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
Detection & IOCs
- Vulnerability is triggered via a crafted web page targeting Internet Explorer 11; the root cause is improper memory access in MSHTML's CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal, resulting in a Read Access Violation
- PoC exploit uses FileReader.readAsDataURL() on an empty Blob combined with garbage collection to trigger the memory corruption; monitor for unusual FileReader/Blob usage patterns in IE11 scripting contexts
- The vulnerability involves the Microsoft Windows Text Services Framework object handling in memory; detection should focus on IE11 processes interacting with TSF objects leading to memory corruption
- Exploit status rated 'Exploitation More Likely' for both latest and older software releases; prioritize detection on unpatched IE11 instances
- The PoC triggers garbage collection explicitly as part of the exploit chain; CollectGarbage() is an IE-specific scripting function and its presence alongside FileReader/Blob operations may indicate exploit activity rather than legitimate use
CVSS provenance
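| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.1 | HIGH | — |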
GHSA
GHSA-h935-95pr-wqf9
ghsa_unreviewed · 2022-05-14 · CVSS 7.5
CVE-2016-3288 [HIGH] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
GHSA
GHSA-vmr3-h27j-q58j
ghsa_unreviewed · 2022-05-14 · CVSS 7.5
CVE-2016-3290 [HIGH] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3288.
OSV
linux vulnerabilities
osv · 2016-11-11 · CVSS 7.8
CVE-2014-9904
It was discovered that the compression handling code in the Advanced Linux
Sound Architecture (ALSA) subsystem in the Linux kernel did not properly
check for an integer overflow. A local attacker could use this to cause a
denial of service (system crash). (CVE-2014-9904)
Kirill A. Shutemov discovered that memory manager in the Linux kernel did
not properly handle anonymous pages. A local attacker could use this to
cause a denial of service or possibly gain administrative privileges.
(CVE-2015-3288)
Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)
Ondrej Kozina discovered that the keyring inter
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc · 2016-08-09 · CVSS 7.1
CVE-2016-3288 [HIGH]
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through
No detection rules found.
- http://www.securityfocus.com/bid/92321
- http://www.securitytracker.com/id/1036562
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095
- https://www.exploit-db.com/exploits/40253/