CVE-2016-0162

CVSS 4.3 MEDIUMEPSS 22.1%● KEV

In short

Internet Explorer 9-11 has a flaw that allows attackers to discover what files exist on a user's computer by using specially crafted JavaScript code. This is dangerous because it leaks information about your system that should be private.

Technical detail

A JavaScript-based information disclosure vulnerability in Internet Explorer 9-11 allows remote attackers to infer the existence of local files through crafted script execution in the browser context. The attack requires user interaction (visiting a malicious webpage) and succeeds due to improper file existence validation; the attacker gains non-sensitive directory enumeration capabilities but cannot read file contents.

Summary generated and translated by AI from the official description.

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0162 http://www.securityfocus.com/bid/85939 http://www.securitytracker.com/id/1035521