ID CVE-2016-0166 Type cve Reporter cve@mitre.org Modified 2018-10-12T22:11:00
Description
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
{"symantec": [{"lastseen": "2018-03-11T18:48:51", "bulletinFamily": "software", "cvelist": ["CVE-2016-0166"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 11 is vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2016-04-12T00:00:00", "published": "2016-04-12T00:00:00", "id": "SMNTC-85924", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/85924", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2016-0166 Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:42:30", "bulletinFamily": "info", "cvelist": ["CVE-2016-0166"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMediaEngine objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2016-06-22T00:00:00", "published": "2016-04-12T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-230/", "id": "ZDI-16-230", "title": "Microsoft Internet Explorer CMediaEngine Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2020-08-07T11:45:28", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-0166"], "description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.\n", "edition": 2, "modified": "2016-04-12T07:00:00", "id": "MS:CVE-2016-0166", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0166", "published": "2016-04-12T07:00:00", "title": "Internet Explorer Memory Corruption Vulnerability", "type": "mscve", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-10T19:46:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0159", "CVE-2016-0160", "CVE-2016-0154", "CVE-2016-0164", "CVE-2016-0166"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-037.", "modified": "2020-06-08T00:00:00", "published": "2016-04-13T00:00:00", "id": "OPENVAS:1361412562310806698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806698", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (3148531)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (3148531)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806698\");\n script_version(\"2020-06-08T14:40:48+0000\");\n script_cve_id(\"CVE-2016-0154\", \"CVE-2016-0159\", \"CVE-2016-0160\",\n \"CVE-2016-0164\", \"CVE-2016-0166\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 14:40:48 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-04-13 08:03:04 +0530 (Wed, 13 Apr 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (3148531)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-037.\");\n\n script_tag(name:\"vuldetect\", value:\"Gets the vulnerable file version and checks if the\n appropriate patch is applied or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption errors.\n\n - Improper validation of input before loading dynamic link library (DLL) files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code and gain elevated privileges on the\n affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x/10.x/11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3148531\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-037\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\niePath = smb_get_systemroot();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"system32\\Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:iedllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16772\"))\n {\n Vulnerable_range = \"9.0.8112.16000 - 9.0.8112.16772\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:iedllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20887\"))\n {\n Vulnerable_range = \"9.0.8112.20000 - 9.0.8112.20887\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2, win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_in_range(version:iedllVer, test_version:\"11.0.9600.00000\", test_version2:\"11.0.9600.18280\"))\n {\n Vulnerable_range = \"11.0.9600.00000 - 11.0.9600.18280\";\n VULN = TRUE ;\n }\n}\n\n## Only LDR version available, irrespective of underlying system, patch updates file to LDR\n## Tested on Win 2012\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_in_range(version:iedllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.21810\"))\n {\n Vulnerable_range = \"10.0.9200.16000 - 10.0.9200.21810\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"11.0.10240.16769\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.16769\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:iedllVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.211\"))\n {\n Vulnerable_range = \"11.0.10586.0 - 11.0.10586.211\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + iePath + \"\\system32\\Mshtml.dll\" + '\\n' +\n 'File version: ' + iedllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:43:47", "description": "The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3148531. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-04-12T00:00:00", "title": "MS16-037: Cumulative Security Update for Internet Explorer (3148531)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0162", "CVE-2016-0159", "CVE-2016-0160", "CVE-2016-0154", "CVE-2016-0164", "CVE-2016-0166"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS16-037.NASL", "href": "https://www.tenable.com/plugins/nessus/90431", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90431);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-0154\",\n \"CVE-2016-0159\",\n \"CVE-2016-0160\",\n \"CVE-2016-0162\",\n \"CVE-2016-0164\",\n \"CVE-2016-0166\"\n );\n script_bugtraq_id(\n 85922,\n 85924,\n 85936,\n 85938,\n 85939\n );\n script_xref(name:\"MSFT\", value:\"MS16-037\");\n script_xref(name:\"MSKB\", value:\"3148198\");\n script_xref(name:\"MSKB\", value:\"3147458\");\n script_xref(name:\"MSKB\", value:\"3147461\");\n script_xref(name:\"MSKB\", value:\"4014661\");\n\n script_name(english:\"MS16-037: Cumulative Security Update for Internet Explorer (3148531)\");\n script_summary(english:\"Checks the version of mshtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3148531. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these issues by convincing a user to visit a specially crafted\nwebsite, resulting in the execution of arbitrary code in the context\nof the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-037\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Internet Explorer 9, 10,\nand 11.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-037';\nkbs = make_list('3148198', '3147458', '3147461', '4014661');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.0.10586.212\", min_version:\"11.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3147458\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.0.10240.16769\", min_version:\"11.0.10240.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3147461\") ||\n\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18281\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22121\", min_version:\"10.0.9200.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4014661\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18281\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\") ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, arch:\"x86\", file:\"mshtml.dll\", version:\"9.0.8112.20888\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, arch:\"x64\", file:\"mshtml.dll\", version:\"9.0.8112.20885\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, arch:\"x86\", file:\"mshtml.dll\", version:\"9.0.8112.16773\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, arch:\"x64\", file:\"mshtml.dll\", version:\"9.0.8112.16770\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3148198\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:46:41", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-0162", "CVE-2016-0159", "CVE-2016-0160", "CVE-2016-0154", "CVE-2016-0164", "CVE-2016-0166"], "description": "<html><body><p>Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves several reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about the vulnerabilities, see <a href=\"https://technet.microsoft.com/library/security/ms16-037\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS16-037</a>.<span></span></div><h2>How to get and install the update</h2><div class=\"kb-summary-section section\"><h3 class=\"sbody-h3\">Method 1: Microsoft Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the \"Turn on automatic updating in Control Panel\" section of <a href=\"https://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-3\" target=\"_self\">this Safety & Security Center article</a>. <br/><br/><span class=\"text-base\">Note</span> For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.</div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Method 2: Microsoft Download Center</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">You can get the stand-alone update package through the Microsoft Download Center. Go to <a href=\"https://technet.microsoft.com/library/security/ms16-023\" id=\"kb-link-4\" target=\"_self\">Microsoft Security Bulletin MS16-023</a> to find the download links for this update.<br/><br/></div><br/></span></div></div></div></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\">The following article contains more information about this security update:<span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3148198\" id=\"kb-link-5\">3148198 </a> Security update for Internet Explorer: April 12, 2016 </div></span>Additionally, see the following Microsoft KB articles for information about the Windows 10 and Windows 10 Version 1511 cumulative updates:<span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3147461\" id=\"kb-link-6\">3147461 </a> Cumulative Update for Windows 10: April 12, 2016 </div></span><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/3147458\" id=\"kb-link-7\">3147458 </a> Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: April 12, 2016 </div></span><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows Vista (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3148198-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported x64-based editions of Windows Vista:<br/><span class=\"text-base\">IE9-Windows6.0-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-8\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file names</span></td><td class=\"sbody-td\">For Internet Explorer 9 for all supported 32-bit editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3148198-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 9 in all supported x64-based editions of Windows Server 2008:<br/><span class=\"text-base\">IE9-Windows6.0-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-10\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click <span class=\"text-base\">Control Panel</span>, and then click <span class=\"text-base\">Security</span>. Under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-11\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 7 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for 32-bit Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3148198-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows 7 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-12\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-13\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2008 R2 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems Service Pack 1:<br/><span class=\"text-base\">IE11-Windows6.1-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-14\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, and then under Windows Update, click <span class=\"text-base\">View installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-15\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows 8.1 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported 32-bit editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3148198-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported x64-based editions of Windows 8.1:<br/><span class=\"text-base\">Windows8.1-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-16\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates<span class=\"text-base\">.</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-17\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows Server 2012 and Windows Server 2012 R2 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For Internet Explorer 10 in all supported editions of Windows Server 2012:<br/><span class=\"text-base\">Windows8-RT-KB3148198-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For Internet Explorer 11 in all supported editions of Windows Server 2012 R2:<br/><span class=\"text-base\">Windows8.1-KB3148198-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-18\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3148198\" id=\"kb-link-19\" target=\"_self\">Microsoft Knowledge Base Article 3148198</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div><h4 class=\"sbody-h4\">Windows RT 8.1 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Deployment</span></td><td class=\"sbody-td\">This update is available through <a href=\"http://go.microsoft.com/fwlink/?linkid=21130\" id=\"kb-link-20\" target=\"_self\">Windows Update</a>.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart Requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal Information</span></td><td class=\"sbody-td\">Click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">Not applicable</td></tr></table></div><h4 class=\"sbody-h4\">Windows 10 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3147461-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB</span><span class=\"text-base\">3147461</span><span class=\"text-base\">-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3147458-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB</span><span class=\"text-base\">3147458</span><span class=\"text-base\">-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/934307\" id=\"kb-link-21\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"https://support.microsoft.com/help/3147461\" id=\"kb-link-22\" target=\"_self\">Microsoft Knowledge Base Article 3147461</a><br/>See <a href=\"https://support.microsoft.com/help/3147458\" id=\"kb-link-23\" target=\"_self\">Microsoft Knowledge Base Article 3147458</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to get help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-24\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-25\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-26\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"\" id=\"kb-link-27\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "modified": "2016-05-05T20:39:43", "id": "KB3148531", "href": "https://support.microsoft.com/en-us/help/3148531/", "published": "2016-04-12T00:00:00", "title": "MS16-037: Cumulative security update for Internet Explorer: April 12, 2016", "type": "mskb", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:15", "bulletinFamily": "info", "cvelist": ["CVE-2016-0162", "CVE-2016-0156", "CVE-2016-0159", "CVE-2016-0160", "CVE-2016-0157", "CVE-2016-0155", "CVE-2016-0154", "CVE-2016-0164", "CVE-2016-0161", "CVE-2016-0158", "CVE-2016-0166"], "description": "### *Detect date*:\n04/12/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitraty code, gain privileges or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 9 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-0154](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0154>) \n[CVE-2016-0155](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0155>) \n[CVE-2016-0156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0156>) \n[CVE-2016-0157](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0157>) \n[CVE-2016-0158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0158>) \n[CVE-2016-0159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0159>) \n[CVE-2016-0160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0160>) \n[CVE-2016-0161](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0161>) \n[CVE-2016-0162](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0162>) \n[CVE-2016-0164](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0164>) \n[CVE-2016-0166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0166>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2016-0154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0154>)7.6Critical \n[CVE-2016-0155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0155>)7.6Critical \n[CVE-2016-0156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0156>)7.6Critical \n[CVE-2016-0157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0157>)7.6Critical \n[CVE-2016-0158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0158>)4.3Warning \n[CVE-2016-0159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0159>)7.6Critical \n[CVE-2016-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0160>)7.2High \n[CVE-2016-0161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0161>)4.3Warning \n[CVE-2016-0162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0162>)4.3Warning \n[CVE-2016-0164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0164>)7.6Critical \n[CVE-2016-0166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0166>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3147461](<http://support.microsoft.com/kb/3147461>) \n[3147458](<http://support.microsoft.com/kb/3147458>) \n[3148198](<http://support.microsoft.com/kb/3148198>) \n[4015549](<http://support.microsoft.com/kb/4015549>) \n[4015550](<http://support.microsoft.com/kb/4015550>) \n[4015221](<http://support.microsoft.com/kb/4015221>) \n[4014661](<http://support.microsoft.com/kb/4014661>) \n[4015551](<http://support.microsoft.com/kb/4015551>) \n[4015219](<http://support.microsoft.com/kb/4015219>)", "edition": 44, "modified": "2020-05-22T00:00:00", "published": "2016-04-12T00:00:00", "id": "KLA10789", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10789", "title": "\r KLA10789Multiple vulnerabilities in Microsoft Internet Explorer and Edge ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}
