Oval Definition:oval:org.cisecurity:def:1650
Revision Date:2017-01-27Version:13
Title:Microsoft Browser Security Feature Bypass - CVE-2016-7281 (MS16-144/145)
Description:The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-7281
MS16-144
MS16-145
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Product(s):Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis
  • IE10 + 2012 + file version
  • Microsoft Internet Explorer 10 is installed
  • AND Microsoft Windows Server 2012 is installed
  • AND Check if the version of Mshtml.dll is less than 10.0.9200.22028
  • OR IE11 + vulnerable OS + file version
  • Microsoft Internet Explorer 11 is installed
  • AND vulnerable windows OS + vulnerable file version
  • Win7/2008 R2/2012/Win8.1/2012 R2 + file version
  • Win7/2008 R2/2012/Win8.1/2012 R2
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • OR Microsoft Windows Server 2012 is installed
  • OR Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND file version
  • Check if the version of Mshtml.dll is less than 11.0.9600.18538
  • OR Win10 + file version
  • Win10
  • Microsoft Windows 10 (x86) is installed
  • OR Microsoft Windows 10 (x64) is installed
  • AND file version
  • Check if the version of Mshtml.dll is less than 11.0.10240.17202
  • OR 1511 + file version
  • Win10
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND file version
  • Check if the version of Mshtml.dll is less than 11.0.10586.713
  • OR 1607/2016 + file version
  • 1607/2016
  • Microsoft Windows 10 Version 1607 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1607 (64-bit) is installed
  • OR Microsoft Windows Server 2016 is installed
  • AND file version
  • Check if the version of Mshtml.dll is less than 11.0.14393.576
  • OR Edge + vulnerable os and file version
  • Microsoft Edge is installed
  • AND vulnerable os and file version
  • Win10 + file version
  • Win10
  • Microsoft Windows 10 (x86) is installed
  • OR Microsoft Windows 10 (x64) is installed
  • AND file version
  • Check if the version of edgehtml.dll is less than 11.0.10240.17202
  • OR 1511 + file version
  • Win10
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND file version
  • Check if the version of edgehtml.dll is less than 11.0.10586.713
  • OR 1607/2016 + file version
  • 1607/2016
  • Microsoft Windows 10 Version 1607 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1607 (64-bit) is installed
  • OR Microsoft Windows Server 2016 is installed
  • AND file version
  • Check if the version of edgehtml.dll is less than 11.0.14393.576
    • BACK