CVE-2016-3374
MEDIUMMicrosoft Edge and Windows PDF Library - Information Disclosure via Crafted Website
Title source: llmDescription
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036789
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115
Various Sources x_refsource_misc
http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/92838
Various Sources x_refsource_misc
http://srcincite.io/advisories/src-2016-39/
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105
Scores
CVSS v3
6.5
EPSS
0.2585
EPSS Percentile
97.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (8)
microsoft/edge
microsoft/windows_10
microsoft/windows_10
1511
microsoft/windows_10
1607
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
Published
Sep 14, 2016
Tracked Since
Feb 18, 2026