Microsoft Windows JavaScript map Method Heap-based Buffer Overflow Remote Code Execution Vulnerability
2016-09-16T00:00:00
ID: ZDI-16-514
Type: zdi
Reporter: Richard Zhu (fluorescence)
Modified: 2016-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of the JavaScript map function, as implemented in chakra.dll. By performing actions in JavaScript an attacker can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVE: CVE-2016-3377
CVSS: 7.6 (AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
Vulners score: 9.3
References: https://technet.microsoft.com/library/security/MS16-105
Source: http://www.zerodayinitiative.com/advisories/ZDI-16-514
{"cve": [{"lastseen": "2018-10-13T11:07:30", "bulletinFamily": "NVD", "description": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3350.", "modified": "2018-10-12T18:12:50", "published": "2016-09-14T06:59:51", "id": "CVE-2016-3377", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3377", "title": "CVE-2016-3377", "type": "cve", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-13T20:24:12", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2016-09-13T00:00:00", "published": "2016-09-13T00:00:00", "id": "SMNTC-92797", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/92797", "type": "symantec", "title": "Microsoft Edge CVE-2016-3377 Scripting Engine Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-12-13T17:46:12", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-105", "modified": "2018-12-12T00:00:00", "published": "2016-09-14T00:00:00", "id": "OPENVAS:1361412562310809042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809042", "title": "Microsoft Edge Multiple Vulnerabities (3183043)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms16-105.nasl 12768 2018-12-12 09:09:14Z cfischer $\n#\n# Microsoft Edge Multiple Vulnerabities (3183043)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809042\");\n script_version(\"$Revision: 12768 $\");\n script_cve_id(\"CVE-2016-3247\", \"CVE-2016-3291\", \"CVE-2016-3294\", \"CVE-2016-3295\",\n \"CVE-2016-3297\", \"CVE-2016-3325\", \"CVE-2016-3330\", \"CVE-2016-3350\",\n \"CVE-2016-3351\", \"CVE-2016-3370\", \"CVE-2016-3374\", \"CVE-2016-3377\");\n script_bugtraq_id(92828, 92834, 92789, 92830, 92829, 92832, 92807, 92793);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 10:09:14 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-14 08:01:49 +0530 (Wed, 14 Sep 2016)\");\n script_name(\"Microsoft Edge Multiple Vulnerabities (3183043)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-105\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - The Microsoft Edge improperly handles objects in memory.\n\n - The Chakra JavaScript engine renders when handling objects in memory in\n Microsoft Edge.\n\n - The Microsoft Edge improperly handles cross-origin requests.\n\n - Certain functions improperly handles objects in memory.\n\n - The PDF Library and Microsoft Browser improperly handles objects in memory.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attacker to execute arbitrary code in the context of the current user, to\n determine the origin of all of the web pages in the affected browser, and to\n obtain information to further compromise a target system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 x32/x64.\n\n Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the\n listed hotfixes or download and update mentioned hotfixes in the advisory\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3183043\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms16-105\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-105\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nedgePath = smb_get_system32root();\nif(!edgePath){\n exit(0);\n}\n\nif(!edgeVer = fetch_file_version(sysPath: edgePath, file_name:\"edgehtml.dll\")){;\n exit(0);\n}\n\nif(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:edgeVer, test_version:\"11.0.10240.17113\"))\n {\n Vulnerable_range = \"Less than 11.0.10240.17113\";\n VULN = TRUE ;\n }\n else if(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.588\"))\n {\n Vulnerable_range = 
\"11.0.10586.0 - 11.0.10586.588\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + edgePath + \"\\edgehtml.dll\"+ '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:24:52", "bulletinFamily": "scanner", "description": "The version of Microsoft Edge installed on the remote Windows host is\nmissing Cumulative Security Update 3183043. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user.", "modified": "2018-11-15T00:00:00", "published": "2016-09-13T00:00:00", "id": "SMB_NT_MS16-105.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93465", "title": "MS16-105: Cumulative Security Update for Microsoft Edge (3183043)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93465);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:32\");\n\n script_cve_id(\n \"CVE-2016-3247\",\n \"CVE-2016-3291\",\n \"CVE-2016-3294\",\n \"CVE-2016-3295\",\n \"CVE-2016-3297\",\n \"CVE-2016-3325\",\n \"CVE-2016-3330\",\n \"CVE-2016-3350\",\n \"CVE-2016-3351\",\n \"CVE-2016-3370\",\n \"CVE-2016-3374\",\n \"CVE-2016-3377\"\n );\n script_bugtraq_id(\n 92788,\n 92789,\n 92793,\n 92797,\n 92807,\n 92828,\n 92829,\n 92830,\n 92832,\n 92834,\n 92838,\n 92839\n );\n script_xref(name:\"MSFT\", value:\"MS16-105\");\n script_xref(name:\"MSKB\", value:\"3185611\");\n script_xref(name:\"MSKB\", value:\"3185614\");\n script_xref(name:\"MSKB\", 
value:\"3189866\");\n\n script_name(english:\"MS16-105: Cumulative Security Update for Microsoft Edge (3183043)\");\n script_summary(english:\"Checks the file version of edgehtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is\nmissing Cumulative Security Update 3183043. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An unauthenticated, remote attacker can\nexploit these vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-105\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS16-105';\nkbs = make_list('3185611', '3185614', '3189866');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\n# Server core is not affected\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.14393.187\", os_build:\"14393\", dir:\"\\system32\", bulletin:bulletin, kb:\"3189866\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10586.589\", os_build:\"10586\", dir:\"\\system32\", bulletin:bulletin, kb:\"3185614\") ||\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10240.17113\", os_build:\"10240\", dir:\"\\system32\", bulletin:bulletin, kb:\"3185611\")\n)\n{\n 
set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-13T16:36:05", "bulletinFamily": "info", "description": "### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions from 9 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-3247](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3247>) \n[CVE-2016-3291](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3291>) \n[CVE-2016-3292](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3292>) \n[CVE-2016-3294](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3294>) \n[CVE-2016-3295](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3295>) \n[CVE-2016-3370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3370>) \n[CVE-2016-3374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3374>) \n[CVE-2016-3324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3324>) \n[CVE-2016-3375](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3375>) 
\n[CVE-2016-3330](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3330>) \n[CVE-2016-3325](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3325>) \n[CVE-2016-3297](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3297>) \n[CVE-2016-3350](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3350>) \n[CVE-2016-3351](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3351>) \n[CVE-2016-3353](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3353>) \n[CVE-2016-3377](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-3377>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2016-3247](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3247>) \n[CVE-2016-3291](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3291>) \n[CVE-2016-3292](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3292>) \n[CVE-2016-3294](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3294>) \n[CVE-2016-3295](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3295>) \n[CVE-2016-3370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3370>) \n[CVE-2016-3374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3374>) \n[CVE-2016-3324](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3324>) \n[CVE-2016-3375](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3375>) \n[CVE-2016-3330](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3330>) \n[CVE-2016-3325](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3325>) \n[CVE-2016-3297](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3297>) \n[CVE-2016-3350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3350>) 
\n[CVE-2016-3351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3351>) \n[CVE-2016-3353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3353>) \n[CVE-2016-3377](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3377>)\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3185611](<http://support.microsoft.com/kb/3185611>) \n[3185614](<http://support.microsoft.com/kb/3185614>) \n[3189866](<http://support.microsoft.com/kb/3189866>) \n[3185319](<http://support.microsoft.com/kb/3185319>)", "modified": "2019-02-06T00:00:00", "published": "2016-09-13T00:00:00", "id": "KLA10875", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10875", "title": "\r KLA10875Multiple vulnerabilities in Microsoft Edge and Internet Explorer ", "type": "kaspersky", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}