Zero-day vulnerability in Microsoft Internet Explorer

Memory corruption

Microsoft has known about CVE-2016-3351 since 2015.
Exploited By AdGholas and GooNky Malvertising Groups.

Vulnerability details

Advisory: SB2016091307 - Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Vulnerable component: Microsoft Internet Explorer

CVE-ID: CVE-2016-3351

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer


The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to boundary error when handling of malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and gain access to arbitrary data.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.

Known APT campaigns:


AdGholas is a name of malvertising campaign active since at least October 2015. To avoid detection the hackers use steganography and file whitelisting techniques. As of April 2017 the hackers employed Astrum exploit kit, according to Trend Micro report.