Detections
Analytics
MS16-105: Cumulative Security Update for Microsoft Edge (3183043)
high Nessus Plugin ID 93465
Language:
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.Description
The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 3183043. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.Solution
Microsoft has released a set of patches for Windows 10.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-105
Plugin Details
Severity: High
ID: 93465
File Name: smb_nt_ms16-105.nasl
Version: 1.15
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 9/13/2016
Updated: 5/25/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2016-3377
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2016-3297
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:edge
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/13/2016
Vulnerability Publication Date: 9/13/2016
CISA Known Exploited Vulnerability Due Dates: 6/14/2022
Reference Information
CVE: CVE-2016-3247, CVE-2016-3291, CVE-2016-3294, CVE-2016-3295, CVE-2016-3297, CVE-2016-3325, CVE-2016-3330, CVE-2016-3350, CVE-2016-3351, CVE-2016-3370, CVE-2016-3374, CVE-2016-3377
BID: 92788, 92789, 92793, 92797, 92807, 92828, 92829, 92830, 92832, 92834, 92838, 92839