CVE-2016-3288

HIGH

Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3288. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit targets CVE-2016-3288, a use-after-free vulnerability in Microsoft Internet Explorer. The PoC uses JavaScript event handlers and malformed HTML elements to trigger memory corruption, potentially leading to remote code execution.

Description

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/40253

This exploit targets CVE-2016-3288, a use-after-free vulnerability in Microsoft Internet Explorer. The PoC uses JavaScript event handlers and malformed HTML elements to trigger memory corruption, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (versions prior to patch for CVE-2016-3288)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036562
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92321
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40253/

Scores

CVSS v3 7.5
EPSS 0.3408
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
microsoft/internet_explorer 11
Published Aug 09, 2016
Tracked Since Feb 18, 2026