Vulnerability CVE-2016-3374

Vulnerability CVE-2016-3374

Published: 2016-09-14

Description:

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Microsoft -> EDGE
Microsoft -> Windows 10
Microsoft -> Windows 8.1
Microsoft -> Windows rt 8.1
Microsoft -> Windows server 2012

References:

http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html

http://srcincite.io/advisories/src-2016-39/

http://www.securityfocus.com/bid/92838

http://www.securitytracker.com/id/1036789

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115

Copyright 2024, cxsecurity.com