Details of VAR-201601-0504

ID

VAR-201601-0504

CVE

CVE-2016-0003

TITLE

Microsoft Edge Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001012

DESCRIPTION

Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of text nodes within HTML documents. By manipulating a document's elements an attacker can disclose the contents of memory. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung's Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). An attacker could exploit the vulnerability by bypassing URL filtering by inserting 'exceptionalURL' into the query string. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions. Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version. Microsoft Edge is a web browser developed by Microsoft Corporation in the United States, and it is the default browser included with the Windows 10 operating system

Trust: 3.24

sources: NVD: CVE-2016-0003 // JVNDB: JVNDB-2016-001012 // ZDI: ZDI-16-019 // CNVD: CNVD-2017-11327 // BID: 79893 // VULHUB: VHN-91386 // VULHUB: VHN-87513

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-11327

AFFECTED PRODUCTS

vendor:	microsoft	model:	edge	scope:	eq	version:	-	Trust: 1.6
vendor:	microsoft	model:	edge	scope:	eq	version:	(windows 10)	Trust: 0.8
vendor:	microsoft	model:	edge	scope:	-	version:	-	Trust: 0.7
vendor:	samsung	model:	galaxy s6 sm-g920f build g920fxxu2coh2	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	note sm-n9005 build n9005xxugbob6	scope:	eq	version:	3	Trust: 0.6
vendor:	microsoft	model:	edge	scope:	eq	version:	0	Trust: 0.3

sources: ZDI: ZDI-16-019 // CNVD: CNVD-2017-11327 // BID: 79893 // JVNDB: JVNDB-2016-001012 // CNNVD: CNNVD-201601-202 // NVD: CVE-2016-0003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0003
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-0003
value:	HIGH
Trust: 0.8
ZDI:	CVE-2016-0003
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2017-11327
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201601-202
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-91386
value:	LOW
Trust: 0.1
VULHUB:	VHN-87513
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-0003
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2016-0003
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-11327
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-91386
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-87513
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0003
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0

sources: ZDI: ZDI-16-019 // CNVD: CNVD-2017-11327 // VULHUB: VHN-91386 // VULHUB: VHN-87513 // JVNDB: JVNDB-2016-001012 // CNNVD: CNNVD-201601-202 // NVD: CVE-2016-0003

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-91386 // VULHUB: VHN-87513 // JVNDB: JVNDB-2016-001012 // NVD: CVE-2016-0003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-202

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201601-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001012

PATCH

title:	MS16-002	url:	https://technet.microsoft.com/en-us/library/security/ms16-002.aspx	Trust: 0.8
title:	MS16-002	url:	https://technet.microsoft.com/ja-jp/library/security/ms16-002.aspx	Trust: 0.8
title:	Microsoft has issued an update to correct this vulnerability.	url:	https://technet.microsoft.com/library/security/MS16-002	Trust: 0.7

sources: ZDI: ZDI-16-019 // JVNDB: JVNDB-2016-001012

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0003	Trust: 4.2
db:	ZDI	id:	ZDI-16-019	Trust: 2.1
db:	SECTRACK	id:	1034649	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001012	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3329	Trust: 0.7
db:	CNNVD	id:	CNNVD-201601-202	Trust: 0.7
db:	CNVD	id:	CNVD-2017-11327	Trust: 0.6
db:	BID	id:	79893	Trust: 0.4
db:	VULHUB	id:	VHN-91386	Trust: 0.1
db:	VULHUB	id:	VHN-87513	Trust: 0.1

sources: ZDI: ZDI-16-019 // CNVD: CNVD-2017-11327 // VULHUB: VHN-91386 // VULHUB: VHN-87513 // BID: 79893 // JVNDB: JVNDB-2016-001012 // CNNVD: CNNVD-201601-202 // NVD: CVE-2016-0003

REFERENCES

url:	http://www.zerodayinitiative.com/advisories/zdi-16-019	Trust: 1.1
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-002	Trust: 1.1
url:	http://www.securitytracker.com/id/1034649	Trust: 1.1
url:	https://technet.microsoft.com/library/security/ms16-002	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20160113-ms.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2016/at160004.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0003	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=17573	Trust: 0.8
url:	https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003	Trust: 0.7
url:	http://technet.microsoft.com/security/bulletin/ms16-002	Trust: 0.6
url:	https://www.microsoft.com/en-us/windows/microsoft-edge	Trust: 0.3
url:	http://www.microsoft.com	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-019/	Trust: 0.3

CREDITS

003

Trust: 1.3

sources: ZDI: ZDI-16-019 // CNNVD: CNNVD-201601-202

SOURCES

db:	ZDI	id:	ZDI-16-019
db:	CNVD	id:	CNVD-2017-11327
db:	VULHUB	id:	VHN-91386
db:	VULHUB	id:	VHN-87513
db:	BID	id:	79893
db:	JVNDB	id:	JVNDB-2016-001012
db:	CNNVD	id:	CNNVD-201601-202
db:	NVD	id:	CVE-2016-0003

LAST UPDATE DATE

2025-04-13T23:09:39.656000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-019	date:	2016-01-12T00:00:00
db:	CNVD	id:	CNVD-2017-11327	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-91386	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-87513	date:	2018-10-12T00:00:00
db:	BID	id:	79893	date:	2016-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001012	date:	2016-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201601-202	date:	2016-01-14T00:00:00
db:	NVD	id:	CVE-2016-0003	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-019	date:	2016-01-12T00:00:00
db:	CNVD	id:	CNVD-2017-11327	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-91386	date:	2017-04-13T00:00:00
db:	VULHUB	id:	VHN-87513	date:	2016-01-13T00:00:00
db:	BID	id:	79893	date:	2016-01-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001012	date:	2016-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201601-202	date:	2016-01-13T00:00:00
db:	NVD	id:	CVE-2016-0003	date:	2016-01-13T05:59:02.683