Oval Definition:oval:org.cisecurity:def:419
Revision Date:2016-04-29Version:40
Title:Internet Explorer Elevation of Privilege Vulnerability - CVE-2016-0068 (MS16-009)
Description:Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0068
Platform(s):Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Definition Synopsis
  • Internet Explorer 9 is installed + vulnerable windows OS + vulnerable file version
  • Microsoft Internet Explorer 9 is installed
  • AND vulnerable windows OS + vulnerable file version
  • Vista/2008 + vulnerable file version
  • Vista/2008
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for vulnerable file version
  • Check if the version of mshtml.dll is less than 9.0.8112.16748
  • OR Internet Explorer 10 is installed + vulnerable windows OS + vulnerable file version
  • Microsoft Internet Explorer 10 is installed
  • AND vulnerable windows OS + vulnerable file version
  • 2008 R2/Win7/2012 Server + vulnerable file version
  • 2008 R2/Win7/2012 Server
  • Microsoft Windows 7 is installed
  • OR Microsoft Windows Server 2008 R2 is installed
  • OR Microsoft Windows Server 2012 is installed
  • AND Check for vulnerable file version
  • Check if the version of mshtml.dll is less than 10.0.9200.17640
  • OR Internet Explorer 11 is installed + vulnerable windows OS + vulnerable file version
  • Microsoft Internet Explorer 11 is installed
  • AND vulnerable windows OS + vulnerable file version
  • R2/Win7/2012 Server + vulnerable file version
  • R2/Win7 x86 version
  • Microsoft Windows 7 is installed
  • OR Microsoft Windows Server 2008 R2 is installed
  • OR Microsoft Windows Server 2012 is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • OR Microsoft Windows 8.1 is installed
  • AND Check if the version of mshtml.dll is less than 11.0.9600.18205
    • BACK