CVE-2016-3374
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
0.647 Medium
EPSS
Percentile
97.9%
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka “PDF Library Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3370.
Affected configurations
References
blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html
srcincite.io/advisories/src-2016-39/
www.securityfocus.com/bid/92838
www.securitytracker.com/id/1036789
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.9 Medium
AI Score
Confidence
High
0.647 Medium
EPSS
Percentile
97.9%