Skip to main content

Edge CVE-2016-7227

LOW
Information Exposure (CWE-200)
2016-11-10 secure@microsoft.com
3.1
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 10, 2016 - 06:59 cve.org
LOW 3.1

DescriptionCVE.org

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

AnalysisAI

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.1% and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." Affected products include: Microsoft Edge, Microsoft Internet Explorer. Version information: through 11.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Edge

View all
CVE-2017-0070 HIGH POC
7.5 Mar 17

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling object

CVE-2016-7286 HIGH POC
7.5 Dec 20

The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (m

CVE-2017-8636 HIGH POC
7.5 Aug 08

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Serve

CVE-2017-8671 HIGH POC
7.5 Aug 08

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary

CVE-2017-8656 HIGH POC
7.5 Aug 08

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code

CVE-2017-8646 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t

CVE-2017-8645 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t

CVE-2017-8640 HIGH POC
7.5 Aug 08

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary cod

CVE-2017-8601 HIGH POC
7.5 Jul 11

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute

CVE-2017-11870 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the

CVE-2017-11841 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio

CVE-2017-11840 HIGH POC
7.5 Nov 15

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, versio

Share

CVE-2016-7227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy