PT-2016-2902 · Microsoft · Windows 7+4

Published: 2016-10-11 · Updated: 2025-04-07 · CVE-2016-3298

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 9 through 11
Internet Messaging API in Windows Vista SP2
Internet Messaging API in Windows Server 2008 SP2 and R2 SP1
Internet Messaging API in Windows 7 SP1

Description

The issue allows remote attackers to determine the existence of arbitrary files via a crafted web site. An attacker who successfully exploited this could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. This is due to Internet Explorer improperly handling objects in memory.

Recommendations

For Microsoft Internet Explorer versions 9 through 11, update to a version that properly handles objects in memory to prevent information disclosure. For Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1, restrict access to the API until a patch is available to prevent exploitation. As a temporary workaround, consider restricting user access to malicious websites to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2016-02333
CVE-2016-3298

Affected Products

Internet Explorer
Windows
Windows 7
Windows Server 2008
Windows Vista