PT-2016-2895 · Microsoft · Windows RT +8

Published 2016-09-13 · Updated 2018-10-12 · CVE-2016-3375

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Internet Explorer versions 9 through 11
Windows Vista version SP2
Windows Server version 2008 SP2 and R2 SP1
Windows 7 version SP1
Windows 8.1
Windows Server version 2012 Gold and R2
Windows RT version 8.1
Windows 10 versions Gold, 1511, and 1607

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to a memory corruption vulnerability in the OLE Automation mechanism and VBScript scripting engine. An attacker could exploit this to corrupt memory, allowing the execution of arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view or modify data, or create new accounts with full user rights.

Recommendations

For Internet Explorer versions 9 through 11, update to a newer version to mitigate the risk.
For Windows Vista version SP2, apply the recommended patch.
For Windows Server version 2008 SP2 and R2 SP1, apply the recommended patch.
For Windows 7 version SP1, apply the recommended patch.
For Windows 8.1, apply the recommended patch.
For Windows Server version 2012 Gold and R2, apply the recommended patch.
For Windows RT version 8.1, apply the recommended patch.
For Windows 10 versions Gold, 1511, and 1607, apply the recommended patch.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2016-02326
CVE-2016-3375
ZDI-16-675
ZDI-16-676

Affected Products

Internet Explorer
VBScript
Windows
Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server
Windows Vista