CVE-2016-7281

MEDIUM

Microsoft Edge - Security Feature Bypass

Title source: rule

Description

The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94723

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037444

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145

Scores

CVSS v3 5.3

EPSS 0.2247

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-254

Status published

Affected Products (4)

microsoft/edge

microsoft/internet_explorer

n/a/n/a

Timeline

Published Dec 20, 2016

Tracked Since Feb 18, 2026