CVE-2016-3215 : Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to ob

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.

Published 2016-06-16 01:59:20

Updated 2019-05-15 17:48:18

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2016-3215

Probability of exploitation activity in the next 30 days: 45.50%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-3215

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-3215

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3215

http://www.securitytracker.com/id/1036099

Microsoft Edge Multiple Bugs Let Remote Users Bypass Security, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-16-370

ZDI-16-370 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-080

Microsoft Security Bulletin MS16-080 - Important | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068

Microsoft Security Bulletin MS16-068 - Critical | Microsoft Docs
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2016-3215

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Edge » Version: N/A
cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10
When used together with: Microsoft » Windows 10 » Version: 1511

Vulnerability Details : CVE-2016-3215

Exploit prediction scoring system (EPSS) score for CVE-2016-3215

CVSS scores for CVE-2016-3215

CWE ids for CVE-2016-3215

References for CVE-2016-3215

Products affected by CVE-2016-3215