CVE-2016-3387

HIGH

Microsoft Edge - Access Control

Title source: rule

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · c++localwindows

https://www.exploit-db.com/exploits/40607

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036992

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036993

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93381

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40607/

Scores

CVSS v3 7.5

EPSS 0.3335

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (3)

microsoft/edge

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Oct 14, 2016

Tracked Since Feb 18, 2026