CVE-2016-3353 Information
Feb 14, 2021
cve
Description
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone which allows remote attackers to bypass intended access restrictions via a crafted file aka \Internet Explorer Security Feature Bypass.\
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/92827 http://www.securitytracker.com/id/1036788 http://zerodayinitiative.com/advisories/ZDI-16-506/ https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104 Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone which allows remote attackers to bypass intended access restrictions via a crafted file aka \Internet Explorer Security Feature Bypass.\
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.3
Share on: