CVE-2016-3321

Published on: 08/09/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Internet Explorer from Microsoft contain the following vulnerability:

Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."

  • CVE-2016-3321 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.

CVSS3 Score: 2.5 - LOW

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL HIGH LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 1.9 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Microsoft Internet Explorer Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036562
SecurityFocus www.securityfocus.com
text/html
URL Logo BUGTRAQ 20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability
Microsoft Security Bulletin MS16-095 - Critical | Microsoft Docs docs.microsoft.com
text/html
URL Logo MS MS16-095
Microsoft Internet Explorer CVE-2016-3321 Local Information Disclosure Vulnerability cve.report (archive)
text/html
URL Logo BID 92291
Securify - security advisories - Internet Explorer iframe sandbox local file name disclosure vulnerability Third Party Advisory
VDB Entry
www.securify.nl
text/html
URL Logo MISC www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html
Full Disclosure: Internet Explorer iframe sandbox local file name disclosure vulnerability Mailing List
Third Party Advisory
seclists.org
text/html
URL Logo FULLDISC 20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftInternet Explorer10AllAllAll
ApplicationMicrosoftInternet Explorer11-AllAll
ApplicationMicrosoftInternet Explorer10AllAllAll
ApplicationMicrosoftInternet Explorer11-AllAll
  • cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*: