CVE-2016-3291

EUVD-2016-4324
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.4 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
microsoftedge
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3185611
1511 (x64, x86)
KB3185614
1607 (x64, x86)
KB3189866
Windows 8.1
(x64, x86)
KB3185319
Windows RT 8.1
All
KB3185319
Windows Server 2012 R2
Standard
KB3185319
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92834
http://www.securitytracker.com/id/1036788
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
http://www.securityfocus.com/bid/92834
http://www.securitytracker.com/id/1036788
http://www.securitytracker.com/id/1036789
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105