CVE-2016-3325

LOW

Microsoft Edge and Internet Explorer 11 - Information Disclosure via Crafted Web Site

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3325. PoCs published by Skylined.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in WININET.dll (CVE-2016-3325) by crafting a malformed HTTP 100 response to trigger an out-of-bounds read. The PoC uses JavaScript and XMLHttpRequest to exploit the flaw in Microsoft Edge and Internet Explorer.

Description

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/40747

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in WININET.dll (CVE-2016-3325) by crafting a malformed HTTP 100 response to trigger an out-of-bounds read. The PoC uses JavaScript and XMLHttpRequest to exploit the flaw in Microsoft Edge and Internet Explorer.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft WININET.dll (Windows 10, Internet Explorer, Microsoft Edge)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a crafted media file link · JavaScript must be enabled in the browser

MITRE ATT&CK