CISA KEV 정보
| 취약점명 | Microsoft Internet Explorer and Edge Information Disclosure Vulnerability |
|---|---|
| 설명 | An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Known |
| CWE | CWE-200 |
| 등록일 (KEV) | 2022-05-24 |
| 조치 기한 | 2022-06-14 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2016-3351 |
NVD 상세 정보
CVSS v3.1: 6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NCVSS v2.0: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N설명: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
참조
- http://www.securityfocus.com/bid/92788 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036788 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036789 [Broken Link, Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 [Patch, Vendor Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105 [Patch, Vendor Advisory]
- https://www.brokenbrowser.com/detecting-apps-mimetype-malware/ [Exploit]
- http://www.securityfocus.com/bid/92788 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036788 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1036789 [Broken Link, Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 [Patch, Vendor Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105 [Patch, Vendor Advisory]
- https://www.brokenbrowser.com/detecting-apps-mimetype-malware/ [Exploit]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3351
This product uses the NVD API but is not endorsed or certified by the NVD.