Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3321Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200Sensitive Information Exposure6 documents6 sources
Severity
2.5LOWNVD
EPSS
28.7%
top 3.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 9
Latest updateMay 14

Description

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q89r-f728-w9pv: Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local2022-05-14
CVEList
CVE-2016-3321: Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local2016-08-09

💥Exploits & PoCs

1
Metasploit
Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability

📋Vendor Advisories

1
Microsoft
Internet Explorer Information Disclosure Vulnerability2016-08-09

🕵️Threat Intelligence

1
Zscaler
Zscaler found Multiple Security Vulnerabilities | 08-09-2016
CVE-2016-3321 — Sensitive Information Exposure | cvebase