CVE-2016-7204 — Sensitive Information Exposure in Microsoft Edge ON Windows 10 FOR 32-bit Systems

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

3.1LOWNVD

EPSS

18.6%

top 4.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems Msrc Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems +4 more

Timeline

PublishedNov 10

Latest updateMay 14

Description

Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages7 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

🔴Vulnerability Details

GHSA

GHSA-rp7w-g57f-q2vj: Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vul↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Information Disclosure Vulnerability↗2016-11-08

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 11-08-2016↗

▶