Vulnerability Details CVE-2016-3387
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.333
EPSS Ranking 96.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.8
References
- http://www.securityfocus.com/bid/93381
- http://www.securitytracker.com/id/1036992
- http://www.securitytracker.com/id/1036993
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
- https://www.exploit-db.com/exploits/40607/
- http://www.securityfocus.com/bid/93381
- http://www.securitytracker.com/id/1036992
- http://www.securitytracker.com/id/1036993
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
- https://www.exploit-db.com/exploits/40607/
Products affected by CVE-2016-3387
-
cpe:2.3:a:microsoft:edge:-
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11