Vulnerabilities > CVE-2016-3297 - Unspecified vulnerability in Microsoft Edge and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Msbulletin
bulletin_id | MS16-104 |
bulletin_url | |
date | 2016-09-13T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 3183038 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS16-105.NASL description The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. last seen 2020-06-01 modified 2020-06-02 plugin id 93465 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93465 title MS16-105: Cumulative Security Update for Microsoft Edge (3183043) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93465); script_version("1.14"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-3247", "CVE-2016-3291", "CVE-2016-3294", "CVE-2016-3295", "CVE-2016-3297", "CVE-2016-3325", "CVE-2016-3330", "CVE-2016-3350", "CVE-2016-3351", "CVE-2016-3370", "CVE-2016-3374", "CVE-2016-3377" ); script_bugtraq_id( 92788, 92789, 92793, 92797, 92807, 92828, 92829, 92830, 92832, 92834, 92838, 92839 ); script_xref(name:"MSFT", value:"MS16-105"); script_xref(name:"MSKB", value:"3185611"); script_xref(name:"MSKB", value:"3185614"); script_xref(name:"MSKB", value:"3189866"); script_name(english:"MS16-105: Cumulative Security Update for Microsoft Edge (3183043)"); script_summary(english:"Checks the file version of edgehtml.dll."); script_set_attribute(attribute:"synopsis", value: "The remote host has a web browser installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-105"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 10."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3377"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS16-105'; kbs = make_list('3185611', '3185614', '3189866'); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1); # Server core is not affected if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.14393.187", os_build:"14393", dir:"\system32", bulletin:bulletin, kb:"3189866") || hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.10586.589", os_build:"10586", dir:"\system32", bulletin:bulletin, kb:"3185614") || hotfix_is_vulnerable(os:"10", sp:0, file:"edgehtml.dll", version:"11.0.10240.17113", os_build:"10240", dir:"\system32", bulletin:bulletin, kb:"3185611") ) { set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS16-104.NASL description The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3183038. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. last seen 2020-06-01 modified 2020-06-02 plugin id 93464 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93464 title MS16-104: Cumulative Security Update for Internet Explorer (3183038) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(93464); script_version("1.11"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-3247", "CVE-2016-3291", "CVE-2016-3292", "CVE-2016-3295", "CVE-2016-3297", "CVE-2016-3324", "CVE-2016-3325", "CVE-2016-3351", "CVE-2016-3353", "CVE-2016-3375" ); script_bugtraq_id( 92788, 92808, 92809, 92827, 92828, 92829, 92830, 92832, 92834, 92835 ); script_xref(name:"MSFT", value:"MS16-104"); script_xref(name:"MSKB", value:"3185319"); script_xref(name:"MSKB", value:"3185611"); script_xref(name:"MSKB", value:"3185614"); script_xref(name:"MSKB", value:"3189866"); script_name(english:"MS16-104: Cumulative Security Update for Internet Explorer (3183038)"); script_summary(english:"Checks the version of mshtml.dll."); script_set_attribute(attribute:"synopsis", value: "The remote host has a web browser installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3183038. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-104"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Internet Explorer 9, 10, and 11. Note that MS16-116 must also be installed to fully resolve CVE-2016-3375."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3375"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("smb_reg_query.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS16-104'; kbs = make_list('3185319', '3185611', '3185614', '3189866'); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1); if ("Windows 8" >< productname && "8.1" >!< productname) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( # Windows 10 hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.14393.187", os_build:"14393", dir:"\system32", bulletin:bulletin, kb:"3189866") || hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10586.589", os_build:"10586", dir:"\system32", bulletin:bulletin, kb:"3185614") || hotfix_is_vulnerable(os:"10", sp:0, file:"mshtml.dll", version:"11.0.10240.17113", os_build:"10240", dir:"\system32", bulletin:bulletin, kb:"3185611") || # Windows 8.1 / Windows Server 2012 R2 # Internet Explorer 11 hotfix_is_vulnerable(os:"6.3", sp:0, file:"mshtml.dll", version:"11.0.9600.18450", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3185319") || # Windows Server 2012 # Internet Explorer 10 hotfix_is_vulnerable(os:"6.2", sp:0, file:"mshtml.dll", version:"10.0.9200.21965", min_version:"10.0.9200.16000", dir:"\system32", bulletin:bulletin, kb:"3185319") || # Windows 7 / Server 2008 R2 # Internet Explorer 11 hotfix_is_vulnerable(os:"6.1", sp:1, file:"mshtml.dll", version:"11.0.9600.18450", min_version:"11.0.9600.17000", dir:"\system32", bulletin:bulletin, kb:"3185319") || # Vista / Windows Server 2008 # Internet Explorer 9 hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.20941", min_version:"9.0.8112.20000", dir:"\system32", bulletin:bulletin, kb:"3185319") || hotfix_is_vulnerable(os:"6.0", sp:2, file:"mshtml.dll", version:"9.0.8112.16819", min_version:"9.0.8112.16000", dir:"\system32", bulletin:bulletin, kb:"3185319") ) { set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }
References
- http://www.securityfocus.com/bid/92829
- http://www.securityfocus.com/bid/92829
- http://www.securitytracker.com/id/1036788
- http://www.securitytracker.com/id/1036788
- http://www.securitytracker.com/id/1036789
- http://www.securitytracker.com/id/1036789
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105