CVE-2016-3374

medium

Description

The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105

http://www.securitytracker.com/id/1036789

http://www.securityfocus.com/bid/92838

http://srcincite.io/advisories/src-2016-39/

http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html

Details

Source: Mitre, NVD

Published: 2016-09-14

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium