CVE-2016-7281
Published 2016-12-20
Priority P3 · 33 · medium · 5.3 CVSS 3.0
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 12.51% (95.7th percentile)
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_windows_hyperlink_object_library | — | — |
CVSS provenance
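| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 4.3 | MEDIUM | — |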
GHSA
GHSA-6gj2-5f77-p8vg [MEDIUM]
ghsa_unreviewed·2022-05-14
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability [MEDIUM]
vendor_msrc·2016-12-13·CVSS 4.3
Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - December 2016 [HIGH]
blogs_talos·2016-12-13·CVSS 7.5
The final patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release contains 12 bulletins addressing 48 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Microsoft Graphics Components, Microsoft Uniscribe, and Adobe Flash Player. The remaining seven bulletins are rated important and address vulnerabilities in various Windows components including kernel, crypto driver, and installer.
### Bulletins Rated Critical
Microsoft bulletins MS16-144 through MS16-148 and MS16-154 are rated as critical in this month's release.
MS16-144 is the Internet Explorer bulletin for this month. It addresses a total of ni
Qualys
Microsoft Ends 2016 with 15% Increase in Bulletin Volume [HIGH]
blogs_qualys·2016-12-13·CVSS 7.5
Happy December! In this last Patch Tuesday installment for 2016, Microsoft released 12 security bulletins which brings the 2016 yearly count to 155. This is about 15% higher than last year. Out of more than 3 billion scans that Qualys performs each year we saw an increase of about 20% in the total number of Microsoft vulnerabilities. This increase can be attributed to an increase in the volume of scanning and to the 15% increase in number of Microsoft bulletins. But the year is not over and I will come up with the normalized number after the year ends.
Out of the 12 Patch Tuesday security bulletins for today, which includes one for Adobe, half are assigned a Critical rating while the other half are important.
Starting with browsers, the Internet Explorer update MS16-144 fixes 3 vulnerabi
References
http://www.securityfocus.com/bid/94723
http://www.securitytracker.com/id/1037444
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145