The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3134220. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists due to     improper validation of input when loading dynamic link     library (DLL) files. A local attacker can exploit this,     via a specially crafted application, to execute     arbitrary code. (CVE-2016-0041)

  - An information disclosure vulnerability exists in the     Hyperlink Object Library due to improper handling of     objects in memory. A remote attacker can exploit this by     convincing a user to click a link in an email or Office     file, resulting in the disclosure of memory contents.
    (CVE-2016-0059)

  - Multiple remote code execution vulnerabilities exist due     to improper handling of objects in memory. A remote     attacker can exploit these vulnerabilities by convincing     a user to visit a specially crafted website, resulting     in the execution of arbitrary code in the context of the     current user. (CVE-2016-0060, CVE-2016-0061,     CVE-2016-0062, CVE-2016-0063, CVE-2016-0064,     CVE-2016-0067, CVE-2016-0071, CVE-2016-0072)

  - A spoofing vulnerability exists due to improper parsing     of HTTP responses. An unauthenticated, remote attacker     can exploit this, via a specially crafted URL, to     redirect a user to a malicious website. (CVE-2016-0077)

  - Multiple elevation of privilege vulnerabilities exist     due to improper enforcement of cross-domain policies. An     unauthenticated, remote attacker can exploit this by     convincing a user to visit a specially crafted website,     resulting in an elevation of privilege. (CVE-2016-0068,     CVE-2016-0069)

Detections

Analytics

MS16-009: Cumulative Security Update for Internet Explorer (3134220)

high Nessus Plugin ID 88642

Version 1.17