Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure

A vulnerability has been found in Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 (Operating System) and classified as problematic. This vulnerability affects an unknown function of the component Internet Messaging API. Applying the patch MS16-126 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field10/12/2016 10:56 AM04/07/2017 01:23 PM09/23/2022 10:13 AM
namePatchPatchPatch
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
patch_nameMS16-126MS16-126MS16-126
patch_urlhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspx
cveCVE-2016-3298CVE-2016-3298CVE-2016-3298
securityfocus_titleMicrosoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure VulnerabilitiesMicrosoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure VulnerabilitiesMicrosoft Internet Explorer CVE-2016-3298 Multiple Information Disclosure Vulnerabilities
qualys_id100297100297100297
qualys_titleMicrosoft Cumulative Security Update for Internet Explorer (MS16-118)Microsoft Cumulative Security Update for Internet Explorer (MS16-118)Microsoft Cumulative Security Update for Internet Explorer (MS16-118)
seealso92553 92554 92555 92556 92557 92558 92559 92560 92564 92569 92571 9257292553 92554 92555 92556 92557 92558 92559 92560 92564 92569 92571 9257292553 92554 92555 92556 92557 92558 92559 92560 92564 92569 92571 92572
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
cvss3_nvd_basescore5.35.35.3
typeOperating SystemOperating SystemOperating System
vendorMicrosoftMicrosoftMicrosoft
nameWindowsWindowsWindows
version7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP27 SP1/Server 2008 R2/Server 2008 SP2/Vista SP27 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2
componentInternet Messaging APIInternet Messaging APIInternet Messaging API
risk111
historic000
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore3.73.73.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss3_meta_basescore4.84.84.8
cvss3_meta_tempscore4.64.64.7
cvss3_vuldb_basescore4.34.34.3
cvss3_vuldb_tempscore4.14.14.1
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
titlewordFileFileFile
date1476144000 (10/11/2016)1476144000 (10/11/2016)1476144000 (10/11/2016)
locationTechnetTechnetTechnet
typeBulletinBulletinBulletin
urlhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspxhttps://technet.microsoft.com/en-us/library/security/ms16-126.aspx
identifierMS16-126MS16-126MS16-126
price_0day$25k-$100k$25k-$100k$25k-$100k
cve_assigned1458000000 (03/15/2016)1458000000 (03/15/2016)
cve_nvd_published14763168001476316800
securityfocus9339293392
securityfocus_date1476144000 (10/11/2016)1476144000 (10/11/2016)
securityfocus_classUnknownUnknown
nessus_id9401194011
nessus_nameMS16-118: Cumulative Security Update for Internet Explorer (3192887)MS16-118: Cumulative Security Update for Internet Explorer (3192887)
nessus_filenamesmb_nt_ms16-118.naslsmb_nt_ms16-118.nasl
nessus_familyWindows : Microsoft BulletinsWindows : Microsoft Bulletins
cwe0200 (information disclosure)200 (information disclosure)
cvss2_nvd_avNN
cvss2_nvd_acHH
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiNN
cvss2_nvd_aiNN
cvss3_nvd_avNN
cvss3_nvd_acHH
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iNN
cvss3_nvd_aNN
sectracker1036992
cve_nvd_summaryMicrosoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
cvss2_nvd_basescore2.6

Interested in the pricing of exploits?

See the underground prices here!