VAR-201601-0504
Vulnerability from variot - Updated: 2025-04-13 23:09Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability.". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of text nodes within HTML documents. By manipulating a document's elements an attacker can disclose the contents of memory. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung's Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). An attacker could exploit the vulnerability by bypassing URL filtering by inserting 'exceptionalURL' into the query string. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions. Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version. Microsoft Edge is a web browser developed by Microsoft Corporation in the United States, and it is the default browser included with the Windows 10 operating system
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "edge",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "edge",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(windows 10)"
},
{
"_id": null,
"model": "edge",
"scope": null,
"trust": 0.7,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "galaxy s6 sm-g920f build g920fxxu2coh2",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
},
{
"_id": null,
"model": "note sm-n9005 build n9005xxugbob6",
"scope": "eq",
"trust": 0.6,
"vendor": "samsung",
"version": "3"
},
{
"_id": null,
"model": "edge",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "BID",
"id": "79893"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
},
{
"db": "NVD",
"id": "CVE-2016-0003"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:edge",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
}
]
},
"credits": {
"_id": null,
"data": "003",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
}
],
"trust": 1.3
},
"cve": "CVE-2016-0003",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0003",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-0003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-11327",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-91386",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-87513",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0003",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0003",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-0003",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-0003",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-11327",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-202",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91386",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-87513",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
},
{
"db": "NVD",
"id": "CVE-2016-0003"
}
]
},
"description": {
"_id": null,
"data": "Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka \"Microsoft Edge Memory Corruption Vulnerability.\". User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of text nodes within HTML documents. By manipulating a document\u0027s elements an attacker can disclose the contents of memory. An attacker can use this information in conjunction with other vulnerabilities to execute code in the context of the process. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung\u0027s Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). An attacker could exploit the vulnerability by bypassing URL filtering by inserting \u0027exceptionalURL\u0027 into the query string. \nAttackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Failed attacks will cause denial of service conditions. Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version. Microsoft Edge is a web browser developed by Microsoft Corporation in the United States, and it is the default browser included with the Windows 10 operating system",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0003"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "BID",
"id": "79893"
},
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-0003",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-16-019",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1034649",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3329",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-11327",
"trust": 0.6
},
{
"db": "BID",
"id": "79893",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-91386",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87513",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
},
{
"db": "BID",
"id": "79893"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
},
{
"db": "NVD",
"id": "CVE-2016-0003"
}
]
},
"id": "VAR-201601-0504",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11327"
}
]
},
"last_update_date": "2025-04-13T23:09:39.656000Z",
"patch": {
"_id": null,
"data": [
{
"title": "MS16-002",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/ms16-002.aspx"
},
{
"title": "MS16-002",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/ms16-002.aspx"
},
{
"title": "Microsoft has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://technet.microsoft.com/library/security/MS16-002"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "NVD",
"id": "CVE-2016-0003"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-019"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-002"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034649"
},
{
"trust": 1.0,
"url": "https://technet.microsoft.com/library/security/ms16-002"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0003"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20160113-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2016/at160004.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0003"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/topics/?seq=17573"
},
{
"trust": 0.7,
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0003"
},
{
"trust": 0.6,
"url": "http://technet.microsoft.com/security/bulletin/ms16-002"
},
{
"trust": 0.3,
"url": "https://www.microsoft.com/en-us/windows/microsoft-edge"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-019/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-019"
},
{
"db": "CNVD",
"id": "CNVD-2017-11327"
},
{
"db": "VULHUB",
"id": "VHN-91386"
},
{
"db": "VULHUB",
"id": "VHN-87513"
},
{
"db": "BID",
"id": "79893"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
},
{
"db": "NVD",
"id": "CVE-2016-0003"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-16-019",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-11327",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-91386",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-87513",
"ident": null
},
{
"db": "BID",
"id": "79893",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001012",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201601-202",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-0003",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-01-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-019",
"ident": null
},
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11327",
"ident": null
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-91386",
"ident": null
},
{
"date": "2016-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-87513",
"ident": null
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "79893",
"ident": null
},
{
"date": "2016-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001012",
"ident": null
},
{
"date": "2016-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-202",
"ident": null
},
{
"date": "2016-01-13T05:59:02.683000",
"db": "NVD",
"id": "CVE-2016-0003",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-01-12T00:00:00",
"db": "ZDI",
"id": "ZDI-16-019",
"ident": null
},
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11327",
"ident": null
},
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91386",
"ident": null
},
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-87513",
"ident": null
},
{
"date": "2016-01-12T00:00:00",
"db": "BID",
"id": "79893",
"ident": null
},
{
"date": "2016-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001012",
"ident": null
},
{
"date": "2016-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-202",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0003",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Microsoft Edge Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001012"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-202"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…