Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2016-7239

Опубликовано: 08 нояб. 2016
Источник: msrc
EPSS Средний

Описание

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages.

To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.

The update addresses the vulnerability by changing how the XSS filter handles RegEx.

Обновления

ПродуктСтатьяОбновление
Internet Explorer 10 on Windows Server 2012
31978773197876
Monthly RollupSecurity Only
Internet Explorer 11 on Windows 8.1 for 32-bit systems
31978743197873
Monthly RollupSecurity Only
Internet Explorer 11 on Windows 8.1 for x64-based systems
31978743197873
Monthly RollupSecurity Only
Internet Explorer 11 on Windows Server 2012 R2
31978743197873
Monthly RollupSecurity Only
Internet Explorer 11 on Windows RT 8.1
3197874
-
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
31978683197867
Monthly RollupSecurity Only
Internet Explorer 11 on Windows 10 for 32-bit Systems
3198585
Security Update
Internet Explorer 11 on Windows 10 for x64-based Systems
3198585
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Unlikely

Older Software Release

Exploitation Unlikely

EPSS

Процентиль: 94%
0.1353
Средний

Связанные уязвимости

nvd логотип

CVE-2016-7239

CVSS3: 3.1
nvd
около 9 лет назад

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

github логотип

GHSA-ggwj-4xw9-ff5x

CVSS3: 3.1
github
больше 3 лет назад

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

fstec логотип

BDU:2016-02360

fstec
около 9 лет назад

Уязвимость браузеров Microsoft Edge и Internet Explorer, позволяющая нарушителю получить конфиденциальную информацию или провести XSS-атаки

EPSS

Процентиль: 94%
0.1353
Средний