CVE-2016-3247

Published on: 09/14/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Edge from Microsoft contain the following vulnerability:

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-3247 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.5 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK HIGH NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 5.1 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK HIGH NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Microsoft Security Bulletin MS16-104 - Critical | Microsoft Docs docs.microsoft.com
text/html
URL Logo MS MS16-104
Microsoft Edge - 'CText­Extractor::Get­Block­Text' Out-of-Bounds Read (MS16-104) - Windows dos Exploit www.exploit-db.com
Proof of Concept
text/html
URL Logo EXPLOIT-DB 40797
Microsoft Internet Explorer Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Bypass Security, Execute Arbitrary Code, and Gain Elevated Privileges - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036788
MS Edge CTextExtractor::GetBlockText OOB read blog.skylined.nl
text/html
URL Logo MISC blog.skylined.nl/20161118002.html
No Description Provided cve.report (archive)
text/html
URL Logo BID 92828
Microsoft Security Bulletin MS16-105 - Critical | Microsoft Docs docs.microsoft.com
text/html
URL Logo MS MS16-105
Full Disclosure: CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details seclists.org
text/html
URL Logo FULLDISC 20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details
Microsoft Edge Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036789
SecurityFocus web.archive.org
text/html
Inactive LinkNot Archived
URL Logo BUGTRAQ 20161118 CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftEdge-AllAllAll
ApplicationMicrosoftEdge-AllAllAll
ApplicationMicrosoftInternet Explorer11-AllAll
ApplicationMicrosoftInternet Explorer11-AllAll
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*: