Описание
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.
The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.
FAQ
In addition to installing this update are there any further steps I need to carry out to be protected from any of the vulnerabilities discussed in this bulletin? Yes. For Vista and Windows Server 2008 operating systems installing the 3203621 cumulative update by itself does not fully protect against CVE-2016-7278 — you must also install security update 3208481 to be fully protected from the vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Windows Hyperlink Object Library on Windows Vista Service Pack 2 | ||
| Microsoft Windows Hyperlink Object Library on Windows Vista x64 Edition Service Pack 2 | ||
| Microsoft Windows Hyperlink Object Library on Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Microsoft Windows Hyperlink Object Library on Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Internet Explorer 10 on Windows Server 2012 | ||
| Internet Explorer 11 on Windows 8.1 for 32-bit systems | ||
| Internet Explorer 11 on Windows 8.1 for x64-based systems | ||
| Internet Explorer 11 on Windows Server 2012 R2 | ||
| Internet Explorer 11 on Windows RT 8.1 | - | |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
2.4 Low
CVSS3
Связанные уязвимости
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
Уязвимость браузера Internet Explorer, позволяющая нарушителю получить конфиденциальную информацию из памяти процесса
EPSS
2.4 Low
CVSS3