FortiClient VulnerabilityInternet Explorer CVE-2016-0194 Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists when Internet Explorer does not properly handle file access permissions, which could allow an attacker to disclose the contents of arbitrary files on the user's computer. An attacker who successfully exploited the vulnerability could potentially read data that was not intended to be disclosed. Note that the vulnerability would not allow an attacker to execute code or to elevate a users rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The update addresses the vulnerability by helping to ensure that file access permissions are properly validated before returning file data to the user.
Affected Applications
Internet Explorer 11
Internet Explorer 10
CVE References
CVE-2016-0194Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-0194| ID | 55905 |
| Created | Dec 11, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Internet Explorer 11 , Internet Explorer 10 |