Test ID:	1.3.6.1.4.1.25623.1.0.809439
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Edge Multiple Vulnerabilities (3192890)
Summary:	This host is missing a critical security; update according to Microsoft Bulletin MS16-119.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS16-119. Vulnerability Insight: Multiple flaws exist due to: - A remote code execution exist in the way that the Chakra JavaScript engine renders when handling objects in memory. - A remote code execution vulnerability exists in the way that Microsoft Edge improperly handles objects in memory. - An information disclosure exists when Microsoft browsers leave credential data in memory. - Multiple information disclosure exists when the Microsoft Edge improperly handles objects in memory. - An elevation of privilege when Microsoft Edge fails to properly secure private namespace. - A security feature bypass flaw exists when the Edge Content Security Policy fails to properly handle validation of certain specially crafted documents. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code in the context of the current user, and obtain information to further compromise the users system. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3267 BugTraq ID: 93376 http://www.securityfocus.com/bid/93376 Microsoft Security Bulletin: MS16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 Microsoft Security Bulletin: MS16-119 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119 http://www.securitytracker.com/id/1036992 http://www.securitytracker.com/id/1036993 Common Vulnerability Exposure (CVE) ID: CVE-2016-3331 BugTraq ID: 93387 http://www.securityfocus.com/bid/93387 Common Vulnerability Exposure (CVE) ID: CVE-2016-3382 BugTraq ID: 93386 http://www.securityfocus.com/bid/93386 Common Vulnerability Exposure (CVE) ID: CVE-2016-3386 BugTraq ID: 93426 http://www.securityfocus.com/bid/93426 Common Vulnerability Exposure (CVE) ID: CVE-2016-3387 BugTraq ID: 93381 http://www.securityfocus.com/bid/93381 https://www.exploit-db.com/exploits/40607/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3388 BugTraq ID: 93382 http://www.securityfocus.com/bid/93382 https://www.exploit-db.com/exploits/40606/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3389 BugTraq ID: 93398 http://www.securityfocus.com/bid/93398 Common Vulnerability Exposure (CVE) ID: CVE-2016-3390 BugTraq ID: 93383 http://www.securityfocus.com/bid/93383 Common Vulnerability Exposure (CVE) ID: CVE-2016-3391 BugTraq ID: 93379 http://www.securityfocus.com/bid/93379 Common Vulnerability Exposure (CVE) ID: CVE-2016-3392 BugTraq ID: 93401 http://www.securityfocus.com/bid/93401 Common Vulnerability Exposure (CVE) ID: CVE-2016-7189 BugTraq ID: 93427 http://www.securityfocus.com/bid/93427 Common Vulnerability Exposure (CVE) ID: CVE-2016-7190 BugTraq ID: 93428 http://www.securityfocus.com/bid/93428 Common Vulnerability Exposure (CVE) ID: CVE-2016-7194 BugTraq ID: 93399 http://www.securityfocus.com/bid/93399
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.