Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2016-7206

Опубликовано: 13 дек. 2016
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited the vulnerability could run arbitrary code that could lead to an information disclosure.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.

The security update addresses the vulnerability by correcting how Microsoft browsers validate content.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems
3205383
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems
3205383
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems
3205386
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems
3205386
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
3206632
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems
3206632
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2016
3206632
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

No

Latest Software Release

Exploitation Unlikely

Older Software Release

N/A

EPSS

Процентиль: 84%
0.02185
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2016-7206

CVSS3: 6.1
nvd
больше 8 лет назад

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.

github логотип

GHSA-8fhf-75fw-x2xx

CVSS3: 6.1
github
около 3 лет назад

Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.

EPSS

Процентиль: 84%
0.02185
Низкий

4.3 Medium

CVSS3