An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.
Max CVSS
5.3
EPSS Score
1.48%
Published
2020-06-09
Updated
2021-07-21
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989.
Max CVSS
5.3
EPSS Score
0.62%
Published
2018-04-12
Updated
2020-08-24
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000.
Max CVSS
5.3
EPSS Score
0.62%
Published
2018-04-12
Updated
2020-08-24
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
Max CVSS
5.3
EPSS Score
1.49%
Published
2017-12-12
Updated
2017-12-26
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.
Max CVSS
5.3
EPSS Score
89.00%
Published
2017-12-12
Updated
2017-12-26
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.
Max CVSS
5.3
EPSS Score
0.65%
Published
2017-12-12
Updated
2017-12-26
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.
Max CVSS
5.3
EPSS Score
1.49%
Published
2017-11-15
Updated
2022-05-23
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
5.8
EPSS Score
0.35%
Published
2017-03-17
Updated
2017-07-12
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Max CVSS
5.3
EPSS Score
0.38%
Published
2016-12-20
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
53.35%
Published
2016-12-20
Updated
2018-10-12
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Max CVSS
5.3
EPSS Score
0.51%
Published
2016-09-06
Updated
2017-02-19
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
Max CVSS
5.3
EPSS Score
0.51%
Published
2016-09-06
Updated
2017-02-19
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
0.84%
Published
2016-10-14
Updated
2018-10-12
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
Max CVSS
5.3
EPSS Score
5.60%
Published
2016-10-14
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
73.63%
Published
2016-08-09
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
Max CVSS
5.3
EPSS Score
73.63%
Published
2016-08-09
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.
Max CVSS
5.3
EPSS Score
50.13%
Published
2016-08-09
Updated
2018-10-12

CVE-2016-3298

Known exploited
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
96.00%
Published
2016-10-14
Updated
2018-10-12
CISA KEV Added
2022-05-24
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Max CVSS
5.1
EPSS Score
0.97%
Published
2016-09-14
Updated
2018-10-12
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
73.63%
Published
2016-07-13
Updated
2018-10-12
The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
39.10%
Published
2016-07-13
Updated
2018-10-12
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
89.07%
Published
2016-10-14
Updated
2018-10-12
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
52.48%
Published
2016-07-13
Updated
2018-10-12
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Max CVSS
5.3
EPSS Score
38.34%
Published
2016-05-11
Updated
2018-10-12
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability."
Max CVSS
5.0
EPSS Score
96.26%
Published
2015-10-14
Updated
2018-10-12
172 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!