CVE-2016-3247

EUVD-2016-4285
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftedge
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3185611
1511 (x64, x86)
KB3185614
1607 (x64, x86)
KB3189866
Windows 8.1
(x64, x86)
KB3185319
Windows RT 8.1
All
KB3185319
Windows Server 2012 R2
Standard
KB3185319
References
http://blog.skylined.nl/20161118002.html
http://seclists.org/fulldisclosure/2016/Nov/111
http://www.securityfocus.com/archive/1/539779/100/0/threaded
http://www.securityfocus.com/bid/92828
http://www.securitytracker.com/id/1036788
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
https://www.exploit-db.com/exploits/40797/
http://blog.skylined.nl/20161118002.html
http://seclists.org/fulldisclosure/2016/Nov/111
http://www.securityfocus.com/archive/1/539779/100/0/threaded
http://www.securityfocus.com/bid/92828
http://www.securitytracker.com/id/1036788
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
https://www.exploit-db.com/exploits/40797/