CVE-2016-3325
published 2016-09-14

Priority: P3 · 36 · low
CVSS 3.0: 3.1 (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 53.91% (98.9th percentile)

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Affected

13 ranges
Vendor     Product                                                                Version range  Fixed in
microsoft  internet_explorer
msrc       internet_explorer_11_on_windows_10_for_32-bit_systems
msrc       internet_explorer_11_on_windows_10_for_x64-based_systems
msrc       internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems
msrc       internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems
msrc       internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems
msrc       internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems
msrc       microsoft_edge_on_windows_10_for_32-bit_systems
msrc       microsoft_edge_on_windows_10_for_x64-based_systems
msrc       microsoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrc       microsoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrc       microsoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrc       microsoft_edge_on_windows_10_version_1607_for_x64-based_systems

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via a crafted HTTP 1xx response where the status line parser reads out-of-bounds; monitor for anomalous HTTP 100 responses with oversized or malformed status lines (e.g., extra bytes appended before CRLF) delivered to IE/Edge clients
  • The vulnerable function is CHttpHeaderParser::ParseStatusLine in WININET.dll; look for crash telemetry or AV hits referencing this function in IE/Edge processes
  • Proof-of-concept exploit uses window.onerror and XMLHttpRequest statusText to attempt memory disclosure; monitor for JS patterns combining window.onerror handlers with XHR requests to attacker-controlled servers returning HTTP 1xx responses
  • The PoC author notes the exploit fails to reliably leak memory in practice; all VCPs rejected it as not practically exploitable, so detection priority should be moderate
  • Microsoft's own exploit status rates this as 'Exploitation Less Likely' for both latest and older software releases

CVSS provenance

nvd          v3.0  3.1  LOW  CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd          v2.0  2.6  LOW  AV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_msrc  3.1  HIGH