Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2016-3288 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
7.5HIGHNVD
OSV7.8
EPSS
34.1%
top 3.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedAug 9
Latest updateMay 14
Description
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
5GHSA▶
GHSA-h935-95pr-wqf9: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln↗2022-05-14
GHSA▶
GHSA-vmr3-h27j-q58j: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln↗2022-05-14
CVEList▶
CVE-2016-3290: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln↗2016-08-09
CVEList▶
CVE-2016-3288: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vuln↗2016-08-09
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Internet Explorer - MSHTML!CMultiReadStreamLifetimeManager::ReleaseThreadStateInternal Read AV↗2016-08-16