CVE-2016-3387

EUVD-2016-4415
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoftedge
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3192440
1511 (x64, x86)
KB3192441
1607 (x64, x86)
KB3194798
Windows 8.1
(x64, x86)
KB3192392
Windows RT 8.1
All
KB3185331
Windows Server 2012
Standard
KB3192393
Windows Server 2012 R2
Standard
KB3192392
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93381
http://www.securitytracker.com/id/1036992
http://www.securitytracker.com/id/1036993
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
https://www.exploit-db.com/exploits/40607/
http://www.securityfocus.com/bid/93381
http://www.securitytracker.com/id/1036992
http://www.securitytracker.com/id/1036993
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119
https://www.exploit-db.com/exploits/40607/