CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS v3 6.5 MEDIUM
CVSS v2.0 2.6 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/93392	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036992	Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118	Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

History

02 Jul 2024, 12:23

Type	Values Removed	Values Added
First Time		Microsoft windows Rt 8.1 Microsoft windows 10 1507 Microsoft windows 10 1607 Microsoft windows 10 1511 Microsoft windows Server 2012 Microsoft windows 8.1
CVSS	v2 : ~~2.6~~ v3 : ~~5.3~~	v2 : 2.6 v3 : 6.5
CPE	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::: cpe:2.3:o:microsoft:windows_7::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:* cpe:2.3:o:microsoft:windows_server_2012:-:::::::* cpe:2.3:o:microsoft:windows_10_1607:-:::::::* cpe:2.3:o:microsoft:windows_10_1507:-:::::::* cpe:2.3:o:microsoft:windows_8.1:-:::::::* cpe:2.3:o:microsoft:windows_vista:-:sp2:::::: cpe:2.3:o:microsoft:windows_7:-:sp1:::::: cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::: cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::* cpe:2.3:o:microsoft:windows_server_2012:r2:::::::* cpe:2.3:o:microsoft:windows_10_1511:-:::::::* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*
CWE	~~CWE-200~~	NVD-CWE-noinfo
References	~~() http://www.securityfocus.com/bid/93392 -~~	() http://www.securityfocus.com/bid/93392 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1036992 -~~	() http://www.securitytracker.com/id/1036992 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 - Patch, Vendor Advisory
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126 - Patch, Vendor Advisory

Information

Published : 2016-10-14 02:59

Updated : 2024-07-02 12:23

NVD link : CVE-2016-3298

Mitre link : CVE-2016-3298

CVE.ORG link : CVE-2016-3298

JSON object : View

Products Affected

microsoft

windows_server_2008
internet_explorer
windows_7
windows_10_1607
windows_10_1507
windows_vista
windows_8.1
windows_rt_8.1
windows_10_1511
windows_server_2012

CWE

NVD-CWE-noinfo

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-3298

6.5^/10

2.6^/10

Attach tags to `CVE-2016-3298`