Vulnerability Name: | CVE-2016-3374 (CCN-116446) | ||||||||||||
Assigned: | 2016-09-13 | ||||||||||||
Published: | 2016-09-13 | ||||||||||||
Updated: | 2018-10-12 | ||||||||||||
Summary: | The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370. | ||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MISC Type: UNKNOWN http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html Source: MITRE Type: CNA CVE-2016-3374 Source: MISC Type: UNKNOWN http://srcincite.io/advisories/src-2016-39/ Source: CCN Type: Microsoft Security Bulletin MS16-105 Cumulative Security Update for Microsoft Edge (3183043) Source: CCN Type: Microsoft Security Bulletin MS16-115 Security Update for Microsoft Windows PDF Library (3188733) Source: CCN Type: Microsoft Security Bulletin MS16-119 Cumulative Security Update for Microsoft Edge (3192890) Source: CCN Type: Microsoft Security Bulletin MS16-129 Cumulative Security Update for Microsoft Edge (3199057) Source: CCN Type: Microsoft Security Bulletin MS16-145 Cumulative Security Update for Microsoft Edge (3204062) Source: CCN Type: Microsoft Security Bulletin MS17-001 Cumulative Security Update for Microsoft Edge (3214288) Source: CCN Type: Microsoft Security Bulletin MS17-007 Security Update for Microsoft Edge (4013071) Source: BID Type: UNKNOWN 92838 Source: CCN Type: BID-92838 Microsoft Windows PDF Library CVE-2016-3374 Remote Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1036789 Source: MS Type: UNKNOWN MS16-105 Source: MS Type: UNKNOWN MS16-115 Source: XF Type: UNKNOWN ms-pdf-cve20163374-info-disc(116446) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |