Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-92835
HistorySep 13, 2016 - 12:00 a.m.

Microsoft VBScript CVE-2016-3375 Remote Memory Corruption Vulnerability

2016-09-1300:00:00
Symantec Security Response
www.symantec.com
11

0.316 Low

EPSS

Percentile

97.0%

JSON

Description

Microsoft VBScript is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can take advantage of this vulnerability to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Technologies Affected

  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11
  • Microsoft Internet Explorer 9
  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition Service Pack 2

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

Related

zdi 2
prion 1
openvas 2
cvelist 1
nvd 1
mskb 7
cve 1
nessus 2
mscve 1
checkpoint_advisories 1
kaspersky 3
zdi
zdi
Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability
2017-01-10 00:00:00
Microsoft Windows ADO Recordset GetRows Use-After-Free Information Disclosure Vulnerability
2017-01-10 00:00:00
prion
prion
Memory corruption
2016-09-14 10:59:00
openvas
openvas
Microsoft VBScript Scripting Engine OLE Automation Memory Corruption Vulnerability (3188724)
2016-09-14 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (3183038)
2016-09-14 00:00:00
cvelist
cvelist
CVE-2016-3375
2016-09-14 10:00:00
nvd
nvd
CVE-2016-3375
2016-09-14 10:59:50
mskb
mskb
MS16-116: Description of the security update for OLE Automation for VBScript Scripting Engine: September 13, 2016
2016-09-13 07:00:00
MS16-116: Security update in OLE Automation for VBScript Scripting Engine: September 13, 2016
2016-09-13 00:00:00
MS16-104: Security update for Internet Explorer: September 13, 2016
2016-09-13 07:00:00
cve
cve
CVE-2016-3375
2016-09-14 10:59:50
nessus
nessus
MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)
2016-09-22 00:00:00
MS16-104: Cumulative Security Update for Internet Explorer (3183038)
2016-09-13 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2016-09-13 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3375; CVE-2017-11913)
2016-09-13 00:00:00
kaspersky
kaspersky
KLA11907 Multiple vulnerabilities in Microsoft Products (ESU)
2016-09-13 00:00:00
KLA10875 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
2016-09-13 00:00:00
KLA10870 Multiple vulnerabilities in Microsoft Windows
2016-09-13 00:00:00

0.316 Low

EPSS

Percentile

97.0%

JSON
Related for SMNTC-92835
zdi2prion1openvas2cvelist1nvd1mskb7cve1nessus2mscve1checkpoint_advisories1kaspersky3