Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2016-3370
HistorySep 14, 2016 - 10:59 a.m.

CVE-2016-3370

2016-09-1410:59:44
CWE-200
microsoft
web.nvd.nist.gov
53
4
cve-2016-3370
pdf library
microsoft edge
windows
information disclosure
vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.53

Percentile

97.7%

JSON

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka “PDF Library Information Disclosure Vulnerability,” a different vulnerability than CVE-2016-3374.

Affected configurations

Nvd
Node
microsoftedgeMatch-
OR
microsoftwindows_10Match-
OR
microsoftwindows_10Match1511
OR
microsoftwindows_10Match1607
OR
microsoftwindows_8.1
OR
microsoftwindows_rt_8.1
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_server_2012Matchr2
VendorProductVersionCPE
microsoftedge-cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101511cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_8.1*cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
microsoftwindows_rt_8.1*cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Social References

More

Related

mskb 6
cve 1
cvelist 2
nvd 2
prion 2
openvas 2
nessus 2
symantec 2
mscve 2
checkpoint_advisories 2
srcincite 1
kaspersky 2
mskb
mskb
MS16-115: Description of the security update for Microsoft Windows PDF Library: September 13, 2016
2016-09-13 07:00:00
MS16-115: Security update for Microsoft Windows PDF Library: September 13, 2016
2016-09-13 00:00:00
MS16-105: Cumulative security update for Microsoft Edge: September 13, 2016
2016-09-13 00:00:00
cve
cve
CVE-2016-3374
2016-09-14 10:59:49
cvelist
cvelist
CVE-2016-3370
2016-09-14 10:00:00
CVE-2016-3374
2016-09-14 10:00:00
nvd
nvd
CVE-2016-3374
2016-09-14 10:59:49
CVE-2016-3370
2016-09-14 10:59:44
prion
prion
Information disclosure
2016-09-14 10:59:00
Information disclosure
2016-09-14 10:59:00
openvas
openvas
Microsoft Windows PDF Library Multiple Information Disclosure Vulnerabilities (3188733)
2016-09-14 00:00:00
Microsoft Edge Multiple Vulnerabities (3183043)
2016-09-14 00:00:00
nessus
nessus
MS16-115: Security Update for Microsoft Windows PDF Library (3188733)
2016-09-13 00:00:00
MS16-105: Cumulative Security Update for Microsoft Edge (3183043)
2016-09-13 00:00:00
symantec
symantec
Microsoft Windows PDF Library CVE-2016-3370 Remote Code Execution Vulnerability
2016-09-13 00:00:00
Microsoft Windows PDF Library CVE-2016-3374 Remote Code Execution Vulnerability
2016-09-13 00:00:00
mscve
mscve
Microsoft Browser Information Disclosure Vulnerability
2016-09-13 07:00:00
Microsoft Browser Information Disclosure Vulnerability
2016-09-13 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows PDF Library Remote Code Execution (MS16-080: CVE-2016-3203; CVE-2016-3370)
2016-09-13 00:00:00
Microsoft Windows PDF Library Information Disclosure (MS16-115: CVE-2016-3374)
2016-09-13 00:00:00
srcincite
srcincite
SRC-2016-0039 : Microsoft Windows PDF Library PostScript Calculator Out-of-Bounds Read Information Disclosure Vulnerability
2016-06-09 00:00:00
kaspersky
kaspersky
KLA10875 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2016-09-13 00:00:00
KLA10870 Multiple vulnerabilities in Microsoft Windows
2016-09-13 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.53

Percentile

97.7%

JSON
Related for CVE-2016-3370
mskb6cve1cvelist2nvd2prion2openvas2nessus2symantec2mscve2checkpoint_advisories2srcincite1kaspersky2