CVE-2016-3325

Microsoft WININET.dll - 'CHttpHeaderParser::ParseStatusLine' Out-of-Bounds Read (MS16-104/MS16-105)

Severity Score

3.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos obtener información sensible a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability".

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-03-15 CVE Reserved
2016-09-14 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2024-09-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/bid/92832	Vdb Entry
http://www.securitytracker.com/id/1036788	Vdb Entry
http://www.securitytracker.com/id/1036789	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/40747	2024-08-05

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104	2018-10-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105	2018-10-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Edge Search vendor "Microsoft" for product "Edge"				-		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				11 Search vendor "Microsoft" for product "Internet Explorer" and version "11"		-		Affected

CVE-2016-3325

Microsoft WININET.dll - 'CHttp­Header­Parser::Parse­Status­Line' Out-of-Bounds Read (MS16-104/MS16-105)

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

References (6)

Affected Vendors, Products, and Versions

Microsoft WININET.dll - 'CHttpHeaderParser::ParseStatusLine' Out-of-Bounds Read (MS16-104/MS16-105)