What is CVE_2016_3271-2?

[marjetika 1]

I'm getting this error:

Quote

 

 <some letters and numbers>.tmp has been detected as Clam.Html.Exploit.CVE_2016_3271-2. Quarantine failed.

 

I tried searching for the file name, but it doesn't exist.

There are two such hits, both listing a file with some random name, located in  $HOME\AppData\Local\Temp - which doesn't exist.

Do I have a problem? Is it a fp?

[ritchie58 442]

I did some of my own research and found some troubling information regarding CVE-2016-3271. 

The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

Where you using or closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser!

More info regarding this vulnerability can be found at this www.security-database.com URL https://www.security-database.com/detail.php?alert=CVE-2016-3271

[marjetika 1]

On 1/8/2021 at 2:47 AM, ritchie58 said:

Where you using or closed the Edge browser when this happened? If that's the case you may have accessed a malicious web site that accessed your browser!

I don't know if I was using Edge. I do occasionally open it for testing.

I just downloaded the latest version of Immunet. Will that fix the problem?

[ritchie58 442]

Since you've posted two encounters with a quarantine response I still would highly recommend that you perform a "Full Scan" of your entire OS just to weigh on the side of caution. 

Also, with the Edge browser you can store log-in/password information to auto fill in that info next time you visit that site. If you were using that feature you might want to consider changing your log-in info for any sites you accessed & logged into with Edge.

Best wishes, Ritchie...