CVE-2016-7239
published 2016-11-10
CVE-2016-7239: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS)…
Priority P4 · 14 · low · 3.1 · CVSS 3.0
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 11.62% (95.5th percentile)
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvd · v3.0 · 3.1 · LOW · CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd · v2.0 · 2.6 · LOW · AV:N/AC:H/Au:N/C:P/I:N/A:N
vendor_msrc · 3.1 · MEDIUM
Microsoft
Microsoft Browser Information Disclosure Vulnerability
vendor_msrc·2016-11-08·CVSS 3.1
CVE-2016-7239 [LOW] Microsoft Browser Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages.
To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The update addresses the vulnerability by changing how the XSS filter handles RegEx.
Microsoft Browsers: Microsoft Browsers
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely; Older Software Release: Exploitation Unlikely
Reference: https://catalog.update.microsoft.com/v7/site/S
GHSA
GHSA-ggwj-4xw9-ff5x: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripti
ghsa_unreviewed·2022-05-14
CVE-2016-7239 [LOW] CWE-79 GHSA-ggwj-4xw9-ff5x: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripti
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/94059
http://www.securitytracker.com/id/1037245
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142
Published: 2016-11-10