CVE-2016-3385

Loading...

General

Score:9.3/10.0
Severity:High
Category:Buffer Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, CVE-2016-0142, CVE-2016-3209, CVE-2016-3237, CVE-2016-3262, CVE-2016-3263, CVE-2016-3266, CVE-2016-3267, CVE-2016-3270, CVE-2016-3298, CVE-2016-3331, CVE-2016-3332, CVE-2016-3333, CVE-2016-3341, CVE-2016-3376, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-3386, CVE-2016-3387, CVE-2016-3388, CVE-2016-3389, CVE-2016-3390, CVE-2016-3391, CVE-2016-3392, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, CVE-2016-7185, CVE-2016-7188, CVE-2016-7211

Published on 14/10/16 - Updated on 13/10/18

Description

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2016-3385
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-337
Microsoft MS16-118
Microsoft 3185330, 3185331, 3185332, 3191492, 3192440, 3192441, 3194798
Renater 2016/VULN342

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftinternet_explorer

Share this vulnerability with:

Twitter Facebook LinkedIn Mail