High severityNVD Advisory· Published Jun 4, 2018· Updated Sep 17, 2024

CVE-2016-10689

Description

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
windows-iedrivernpm	<= 2.48.0	—

Affected products

Hackerone/Windows Iedriver Node Modulev5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-w9mf-24h3-9wxfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2016-10689ghsaADVISORY
nodesecurity.io/advisories/293mitrex_refsource_MISC
www.npmjs.com/advisories/293ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000