⚠ Actively exploited
Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions..
CVE-2016-3298 — Sensitive Information Exposure in Microsoft Internet Explorer
Severity
6.5MEDIUMNVD
EPSS
27.7%
top 3.54%
CISA KEV
KEV
Added 2022-05-24
Due 2022-06-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedOct 14
KEV addedMay 24
KEV dueJun 14
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-9vv9-w57h-m8qw: Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 al↗2022-05-14
CVEList▶
CVE-2016-3298: Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 al↗2016-10-14