DATABASE RESOURCES PRICING ABOUT US

{"id": "MS:CVE-2016-3350", "bulletinFamily": "microsoft", "title": "Scripting Engine Memory Corruption Vulnerability", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "published": "2016-09-13T07:00:00", "modified": "2016-09-13T07:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2016-3350", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2016-3350"], "immutableFields": [], "type": "mscve", "lastseen": "2021-12-06T18:25:25", "edition": 1, "viewCount": 3, "enchantments": {"backreferences": {"references": [{"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["CVE-2016-3350"], "type": "cve"}, {"idList": ["KB3189866"], "type": "mskb"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["SMB_NT_MS16-105.NASL"], "type": "nessus"}]}, "dependencies": {"references": [{"idList": ["OPENVAS:1361412562310809042"], "type": "openvas"}, {"idList": ["KB3183043"], "type": "mskb"}, {"idList": ["CVE-2016-3350", "CVE-2016-3377"], "type": "cve"}, {"idList": ["SMNTC-92793"], "type": "symantec"}, {"idList": ["SMB_NT_MS16-105.NASL"], "type": "nessus"}, {"idList": ["KLA10875"], "type": "kaspersky"}]}, "exploitation": null, "score": {"value": 1.6, "vector": "NONE"}, "vulnersScore": 1.6}, "kbList": ["KB3176495", "KB3189866"], "msrc": "", "mscve": "CVE-2016-3350", "msAffectedSoftware": [{"kb": "KB3189866", "kbSupersedence": "KB3176495", "msplatform": "Windows 10 Version 1607 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB3189866", "kbSupersedence": "KB3176495", "msplatform": "Windows 10 Version 1607 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}, "_state": {"dependencies": 1647589307, "score": 1659749172}}

{"symantec": [{"lastseen": "2018-03-13T06:17:02", "bulletinFamily": "software", "cvelist": ["CVE-2016-3350"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This allows the attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2016-09-13T00:00:00", "published": "2016-09-13T00:00:00", "id": "SMNTC-92793", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/92793", "type": "symantec", "title": "Microsoft Edge CVE-2016-3350 Scripting Engine Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T13:22:26", "description": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3377.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-09-14T10:59:00", "type": "cve", "title": "CVE-2016-3350", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3350", "CVE-2016-3377"], "modified": "2018-10-12T22:12:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2016-3350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3350", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:23:09", "description": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3350.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2016-09-14T10:59:00", "type": "cve", "title": "CVE-2016-3377", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3350", "CVE-2016-3377"], "modified": "2018-10-12T22:12:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2016-3377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3377", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-08T13:58:50", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-105", "cvss3": {}, "published": "2016-09-14T00:00:00", "type": "openvas", "title": "Microsoft Edge Multiple Vulnerabities (3183043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3325", "CVE-2016-3350", "CVE-2016-3374", "CVE-2016-3291", "CVE-2016-3351", "CVE-2016-3247", "CVE-2016-3377", "CVE-2016-3297", "CVE-2016-3330", "CVE-2016-3294", "CVE-2016-3370", "CVE-2016-3295"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310809042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Edge Multiple Vulnerabities (3183043)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809042\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2016-3247\", \"CVE-2016-3291\", \"CVE-2016-3294\", \"CVE-2016-3295\",\n \"CVE-2016-3297\", \"CVE-2016-3325\", \"CVE-2016-3330\", \"CVE-2016-3350\",\n \"CVE-2016-3351\", \"CVE-2016-3370\", \"CVE-2016-3374\", \"CVE-2016-3377\");\n script_bugtraq_id(92828, 92834, 92789, 92830, 92829, 92832, 92807, 92793);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-14 08:01:49 +0530 (Wed, 14 Sep 2016)\");\n script_name(\"Microsoft Edge Multiple Vulnerabities (3183043)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-105\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - The Microsoft Edge improperly handles objects in memory.\n\n - The Chakra JavaScript engine renders when handling objects in memory in\n Microsoft Edge.\n\n - The Microsoft Edge improperly handles cross-origin requests.\n\n - Certain functions improperly handles objects in memory.\n\n - The PDF Library and Microsoft Browser improperly handles objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to execute arbitrary code in the context of the current user, to\n determine the origin of all of the web pages in the affected browser, and to\n obtain information to further compromise a target system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 x32/x64\n\n - Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3183043\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms16-105\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nedgePath = smb_get_system32root();\nif(!edgePath){\n exit(0);\n}\n\nif(!edgeVer = fetch_file_version(sysPath: edgePath, file_name:\"edgehtml.dll\")){;\n exit(0);\n}\n\nif(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:edgeVer, test_version:\"11.0.10240.17113\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.17113\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.588\"))\n {\n Vulnerable_range = \"11.0.10586.0 - 11.0.10586.588\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + edgePath + \"\\edgehtml.dll\"+ '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:50:54", "description": "<html><body><p>Resolves a vulnerability in Microsoft Edge that could allow remote code execution if a user views a specially crafted webpage in Microsoft Edge.</p><h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves multiple vulnerabilities in Microsoft Edge. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Edge. To learn more about the vulnerability, see\u00a0<a href=\"https://technet.microsoft.com/library/security/ms16-105\" id=\"kb-link-2\" target=\"_self\">Microsoft Security Bulletin MS16-105</a>. <span></span></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"><h3 class=\"sbody-h3\">Windows Update</h3>This update is available through Windows Update and Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see the \"Turn on automatic updating in Control Panel\" section of <a href=\"https://technet.microsoft.com/library/security/ms16-105\" id=\"kb-link-3\" target=\"_self\">Microsoft Security Bulletin MS16-105</a>.</div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">More information about this security update</h3>The following articles contain more information about this security update:<ul class=\"sbody-free_list\"><li><a href=\"https://support.microsoft.com/en-us/help/3185611\" id=\"kb-link-4\">3185611 </a>\u00a0Cumulative Update for Windows 10: September 13, 2016</li><li><a href=\"https://support.microsoft.com/en-us/help/3185614\" id=\"kb-link-5\">3185614 </a> Cumulative Update for Windows 10 Version 1511 : September 13, 2016 </li><li><a href=\"https://support.microsoft.com/en-us/help/3189866\" id=\"kb-link-6\">3189866 </a> Cumulative update for Windows 10 Version 1607: September 13, 2016</li></ul><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Security update deployment information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><h4 class=\"sbody-h4\">Windows 10 (all editions)</h4><h5 class=\"sbody-h5 text-subtitle\">Reference Table</h5>The following table contains the security update information for this software.<div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Security update file name</span></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3185611-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10:<br/><span class=\"text-base\">Windows10.0-KB3185611-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3185614-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10 Version 1511:<br/><span class=\"text-base\">Windows10.0-KB3185614-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported 32-bit editions of Windows 10 Version 1607:<br/><span class=\"text-base\">Windows10.0-KB3189866-x86.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><br/></td><td class=\"sbody-td\">For all supported x64-based editions of Windows 10 Version 1607:<br/><span class=\"text-base\">Windows10.0-KB3189866-x64.msu</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Installation switches</span></td><td class=\"sbody-td\">See <a href=\"mhtml:file://c:\\users\\delhan\\appdata\\local\\microsoft\\windows\\inetcache\\content.outlook\\7d8v8yrx\\microsoft security bulletin ms16-105 - critical.mht!x-usc:https://support.microsoft.com/help/934307\" id=\"kb-link-7\" target=\"_self\">Microsoft Knowledge Base Article 934307</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Restart requirement</span></td><td class=\"sbody-td\">A system restart is required after you apply this security update.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Removal information</span></td><td class=\"sbody-td\">To uninstall an update installed by WUSA, use the <span class=\"text-base\">/Uninstall</span> setup switch or click <span class=\"text-base\">Control Panel</span>, click <span class=\"text-base\">System and Security</span>, click <span class=\"text-base\">Windows Update</span>, and then under See also, click <span class=\"text-base\">Installed updates</span> and select from the list of updates.</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">File information</span></td><td class=\"sbody-td\">See <a href=\"mhtml:file://c:\\users\\delhan\\appdata\\local\\microsoft\\windows\\inetcache\\content.outlook\\7d8v8yrx\\microsoft security bulletin ms16-105 - critical.mht!x-usc:https://support.microsoft.com/help/3185611\" id=\"kb-link-8\" target=\"_self\">Microsoft Knowledge Base Article 3185611</a><br/>See <a href=\"mhtml:file://c:\\users\\delhan\\appdata\\local\\microsoft\\windows\\inetcache\\content.outlook\\7d8v8yrx\\microsoft security bulletin ms16-105 - critical.mht!x-usc:https://support.microsoft.com/help/3185614\" id=\"kb-link-9\" target=\"_self\">Microsoft Knowledge Base Article 3185614</a><br/>See <a href=\"mhtml:file://c:\\users\\delhan\\appdata\\local\\microsoft\\windows\\inetcache\\content.outlook\\7d8v8yrx\\microsoft security bulletin ms16-105 - critical.mht!x-usc:https://support.microsoft.com/help/3189866\" id=\"kb-link-10\" target=\"_self\">Microsoft Knowledge Base Article 3189866</a></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Registry key verification</span></td><td class=\"sbody-td\"><span class=\"text-base\">Note</span> A registry key does not exist to validate the presence of this update.</td></tr></table></div></div><br/></span></div></div></div><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">How to get help and support for this security update</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-11\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-12\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-13\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-14\" target=\"_self\">International Support</a></div><br/></span></div></div></div></div></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-13T00:00:00", "type": "mskb", "title": "MS16-105: Cumulative security update for Microsoft Edge: September 13, 2016", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3295", "CVE-2016-3291", "CVE-2016-3374", "CVE-2016-3350", "CVE-2016-3325", "CVE-2016-3294", "CVE-2016-3370", "CVE-2016-3351", "CVE-2016-3247", "CVE-2016-3330", "CVE-2016-3377", "CVE-2016-3297"], "modified": "2016-09-13T19:47:26", "id": "KB3183043", "href": "https://support.microsoft.com/en-us/help/3183043/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2022-06-01T16:32:28", "description": "The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "type": "nessus", "title": "MS16-105: Cumulative Security Update for Microsoft Edge (3183043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3247", "CVE-2016-3291", "CVE-2016-3294", "CVE-2016-3295", "CVE-2016-3297", "CVE-2016-3325", "CVE-2016-3330", "CVE-2016-3350", "CVE-2016-3351", "CVE-2016-3370", "CVE-2016-3374", "CVE-2016-3377"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS16-105.NASL", "href": "https://www.tenable.com/plugins/nessus/93465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93465);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2016-3247\",\n \"CVE-2016-3291\",\n \"CVE-2016-3294\",\n \"CVE-2016-3295\",\n \"CVE-2016-3297\",\n \"CVE-2016-3325\",\n \"CVE-2016-3330\",\n \"CVE-2016-3350\",\n \"CVE-2016-3351\",\n \"CVE-2016-3370\",\n \"CVE-2016-3374\",\n \"CVE-2016-3377\"\n );\n script_bugtraq_id(\n 92788,\n 92789,\n 92793,\n 92797,\n 92807,\n 92828,\n 92829,\n 92830,\n 92832,\n 92834,\n 92838,\n 92839\n );\n script_xref(name:\"MSFT\", value:\"MS16-105\");\n script_xref(name:\"MSKB\", value:\"3185611\");\n script_xref(name:\"MSKB\", value:\"3185614\");\n script_xref(name:\"MSKB\", value:\"3189866\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"MS16-105: Cumulative Security Update for Microsoft Edge (3183043)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is\nmissing Cumulative Security Update 3183043. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-105\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3377\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-3297\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS16-105';\nkbs = make_list('3185611', '3185614', '3189866');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\n# Server core is not affected\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.14393.187\", os_build:\"14393\", dir:\"\\system32\", bulletin:bulletin, kb:\"3189866\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10586.589\", os_build:\"10586\", dir:\"\\system32\", bulletin:bulletin, kb:\"3185614\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10240.17113\", os_build:\"10240\", dir:\"\\system32\", bulletin:bulletin, kb:\"3185611\")\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:20:15", "description": "### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions from 9 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-3247](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3247>) \n[CVE-2016-3291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3291>) \n[CVE-2016-3292](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3292>) \n[CVE-2016-3294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3294>) \n[CVE-2016-3295](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3295>) \n[CVE-2016-3370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3370>) \n[CVE-2016-3374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3374>) \n[CVE-2016-3324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3324>) \n[CVE-2016-3375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3375>) \n[CVE-2016-3330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3330>) \n[CVE-2016-3325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3325>) \n[CVE-2016-3297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3297>) \n[CVE-2016-3350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3350>) \n[CVE-2016-3351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3351>) \n[CVE-2016-3353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3353>) \n[CVE-2016-3377](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3377>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2016-3247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3247>)5.1High \n[CVE-2016-3291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3291>)2.6Warning \n[CVE-2016-3292](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3292>)5.1High \n[CVE-2016-3294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3294>)7.6Critical \n[CVE-2016-3295](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3295>)5.1High \n[CVE-2016-3370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3370>)4.3Warning \n[CVE-2016-3374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3374>)4.3Warning \n[CVE-2016-3324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3324>)6.8High \n[CVE-2016-3375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3375>)7.6Critical \n[CVE-2016-3330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3330>)7.6Critical \n[CVE-2016-3325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3325>)2.6Warning \n[CVE-2016-3297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3297>)6.8High \n[CVE-2016-3350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3350>)7.6Critical \n[CVE-2016-3351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3351>)2.6Warning \n[CVE-2016-3353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3353>)5.1High \n[CVE-2016-3377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3377>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3185611](<http://support.microsoft.com/kb/3185611>) \n[3185614](<http://support.microsoft.com/kb/3185614>) \n[3189866](<http://support.microsoft.com/kb/3189866>) \n[3185319](<http://support.microsoft.com/kb/3185319>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-13T00:00:00", "type": "kaspersky", "title": "KLA10875 Multiple vulnerabilities in Microsoft Edge and Internet Explorer", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3247", "CVE-2016-3291", "CVE-2016-3292", "CVE-2016-3294", "CVE-2016-3295", "CVE-2016-3297", "CVE-2016-3324", "CVE-2016-3325", "CVE-2016-3330", "CVE-2016-3350", "CVE-2016-3351", "CVE-2016-3353", "CVE-2016-3370", "CVE-2016-3374", "CVE-2016-3375", "CVE-2016-3377"], "modified": "2020-06-18T00:00:00", "id": "KLA10875", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10875/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}