CVE-2016-0158 - 7PK - Security Features vulnerability in Microsoft Edge
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS16-038 |
bulletin_url | |
date | 2016-04-12T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 3148532 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Microsoft Edge |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS16-038.NASL |
description | The version of Microsoft Edge installed on the remote host is missing Cumulative Security Update 3148532. It is, therefore, affected by multiple vulnerabilities: - Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. (CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157) - A privilege escalation vulnerability exists due to improper enforcement of cross-domain policies. An attacker can exploit this vulnerability by convincing a user to visit a specially crafted website, allowing the attacker to inject information from an outside domain. (CVE-2016-0158) - A privilege escalation vulnerability exists due to improper validation of JavaScript. An attacker can exploit this, by convincing a user to visit a specially crafted website, to run JavaScript at a higher privilege level than is allowed. (CVE-2016-0161) Note that CVE-2016-0155 will only affect Windows client installations running at the version 1511 level. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90432 |
published | 2016-04-12 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90432 |
title | MS16-038: Cumulative Security Update for Microsoft Edge (3148532) |
References
- http://www.securitytracker.com/id/1035522
- http://www.zerodayinitiative.com/advisories/ZDI-16-233
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-038