CVE-2016-7281

moderate-risk

Published 2016-12-20

The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

Do I need to act?

22.5% chance of exploitation in next 30 days

EPSS score — higher than 78% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / HIGH complexity

Affected Products (3)

Edge

Internet Explorer

Affected Vendors

Microsoft

References (8)

Third Party Advisory http://www.securityfocus.com/bid/94723

Third Party Advisory http://www.securitytracker.com/id/1037444

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-14...

Third Party Advisory http://www.securityfocus.com/bid/94723

Third Party Advisory http://www.securitytracker.com/id/1037444

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-14...

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 14/34 · Moderate

Exposure 9/34 · Low