6.5
CVE-2016-3298
- EPSS 27.73%
- Published 14.10.2016 02:59:13
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version9
Microsoft ≫ Internet Explorer Version10
Microsoft ≫ Internet Explorer Version11 Update-
Microsoft ≫ Windows 10 1507 Version-
Microsoft ≫ Windows 10 1511 Version-
Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows 10 1511 Version-
Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp2
24.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
VulnerabilityAn information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.73% | 0.962 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|