CVE-2016-3351 — Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
2022-05-24 • CISA Known Exploited Vulnerability
[event] An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Internet Explorer and Edge |
| CWE | CWE-200 |
| CVE ID | CVE-2016-3351 |
| Date Added | 2022-05-24 |
| Due Date | 2022-06-14 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-06-14