CVE-2016-3387

high

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.

References

https://www.exploit-db.com/exploits/40607/

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118

http://www.securitytracker.com/id/1036993

http://www.securitytracker.com/id/1036992

http://www.securityfocus.com/bid/93381

Details

Source: Mitre, NVD

Published: 2016-10-14

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High