CVE-2016-3321
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
09/08/2016
Last modified:
12/04/2025
Description
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."
Impact
Base Score 3.x
2.50
Severity 3.x
LOW
Base Score 2.0
1.90
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2016/Aug/44
- http://www.securityfocus.com/archive/1/539174/100/0/threaded
- http://www.securityfocus.com/bid/92291
- http://www.securitytracker.com/id/1036562
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095
- https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html
- http://seclists.org/fulldisclosure/2016/Aug/44
- http://www.securityfocus.com/archive/1/539174/100/0/threaded
- http://www.securityfocus.com/bid/92291
- http://www.securitytracker.com/id/1036562
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095
- https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html