CVE-2016-3325
published 2016-09-14CVE-2016-3325: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser…
PriorityP336low3.1CVSS 3.0
AVNACHPRNUIRSUCLINAN
EXPLOIT
EPSS
53.91%
98.9th percentile
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered via a crafted HTTP 1xx response where the status line parser reads out-of-bounds; monitor for anomalous HTTP 100 responses with oversized or malformed status lines (e.g., extra bytes appended before CRLF) delivered to IE/Edge clients ↗
- →The vulnerable function is CHttpHeaderParser::ParseStatusLine in WININET.dll; look for crash telemetry or AV hits referencing this function in IE/Edge processes ↗
- →Proof-of-concept exploit uses window.onerror and XMLHttpRequest statusText to attempt memory disclosure; monitor for JS patterns combining window.onerror handlers with XHR requests to attacker-controlled servers returning HTTP 1xx responses ↗
- ·The PoC author notes the exploit fails to reliably leak memory in practice; all VCPs rejected it as not practically exploitable, so detection priority should be moderate ↗
- ·Microsoft's own exploit status rates this as 'Exploitation Less Likely' for both latest and older software releases ↗
CVSS provenance
nvdv3.03.1LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_msrc3.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5v8f-79h7-hmp4: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browse
ghsa_unreviewed·2022-05-14
CVE-2016-3325 [LOW] CWE-200 GHSA-5v8f-79h7-hmp4: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browse
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Microsoft
Internet Explorer Information Disclosure Vulnerability
vendor_msrc·2016-09-13·CVSS 3.1
CVE-2016-3325 [LOW] Internet Explorer Information Disclosure Vulnerability
Internet Explorer Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an at
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/92832http://www.securitytracker.com/id/1036788http://www.securitytracker.com/id/1036789https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105https://www.exploit-db.com/exploits/40747/http://www.securityfocus.com/bid/92832http://www.securitytracker.com/id/1036788http://www.securitytracker.com/id/1036789https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105https://www.exploit-db.com/exploits/40747/
2016-09-14
Published