This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host has a web browser installed that is affected by
The version of Microsoft Edge installed on the remote host is missing
Cumulative Security Update 3142019. It is, therefore, affected by
multiple vulnerabilities :
- Multiple remote code execution vulnerabilities exist due
to improper handling of objects in memory. An attacker
can exploit these vulnerabilities by convincing a user
to visit a specially crafted website, resulting in
execution of arbitrary code in the context of the
current user. (CVE-2016-0102, CVE-2016-0105,
CVE-2016-0109, CVE-2016-0110, CVE-2016-0111,
CVE-2016-0116, CVE-2016-0123, CVE-2016-0124,
- An information disclosure vulnerability exists due to
improper handling of the referrer policy. An attacker
can exploit this vulnerabilities by convincing a user
to visit a specially crafted website, resulting in the
disclosure of sensitive information about the request
context or the browsing history of a user.
Note that CVE-2016-0116, CVE-2016-0124, and CVE-2016-0129 do
not affect Windows 10, and they are only applicable to the
Windows Server versions.
See also :
Microsoft has released a set of patches for Windows 10.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 89747 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now