Vulnerabilities > CVE-2016-7281 - 7PK - Security Features vulnerability in Microsoft Edge and Internet Explorer

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
microsoft
CWE-254
nessus

Summary

The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

Common Weakness Enumeration (CWE)

Msbulletin

  • bulletin_idMS16-145
    bulletin_url
    date2016-12-13T00:00:00
    impactRemote Code Execution
    knowledgebase_id3204062
    knowledgebase_url
    severityCritical
    titleCumulative Security Update for Microsoft Edge
  • bulletin_idMS16-144
    bulletin_url
    date2016-12-13T00:00:00
    impactRemote Code Execution
    knowledgebase_id3204059
    knowledgebase_url
    severityCritical
    titleCumulative Security Update for Internet Explorer

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS16-145.NASL
    descriptionThe version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3204062. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id95809
    published2016-12-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95809
    titleMS16-145: Cumulative Security Update for Microsoft Edge (3204062)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS16-144.NASL
    descriptionThe version of Internet Explorer installed on the remote Windows host is missing Cumulative Security Update 3204059. It is, therefore, affected by multiple vulnerabilities, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id95764
    published2016-12-13
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95764
    titleMS16-144: Cumulative Security Update for Internet Explorer (3204059)

The Hacker News

idTHN:656D85172DFE1EB9F536785F3909D1F7
last seen2018-01-27
modified2016-12-14
published2016-12-14
reporterMohit Kumar
sourcehttps://thehackernews.com/2016/12/microsoft-security-update.html
titleMicrosoft releases 12 Security Updates; Including 6 Critical Patches