CVE-2016-3388

MEDIUM

Microsoft Internet Explorer 10-11 and Edge - Elevation of Privilege via Private Namespace Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3388. PoCs published by Google Security Research.

AI-analyzed exploit summary This C++ exploit demonstrates an elevation of privilege (EoP) vulnerability in Windows 10 (10586) and Edge 25.10586.0.0 by exploiting an insecure DACL on an isolated private namespace created by ierutils, allowing any appcontainer process to gain elevated permissions.

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · c++localwindows

https://www.exploit-db.com/exploits/40606

View Code ZIP pw:eip

This C++ exploit demonstrates an elevation of privilege (EoP) vulnerability in Windows 10 (10586) and Edge 25.10586.0.0 by exploiting an insecure DACL on an isolated private namespace created by ierutils, allowing any appcontainer process to gain elevated permissions.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Edge 25.10586.0.0 on Windows 10 10586

No auth needed

Prerequisites: Access to a system running Windows 10 10586 with Edge 25.10586.0.0 · Ability to execute compiled C++ code

MITRE ATT&CK