Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2016-3388 — Microsoft Internet Explorer vulnerability
Severity
7.5HIGHNVD
NVD5.3
EPSS
47.2%
top 2.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 14
Latest updateMay 14
Description
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
4GHSA▶
GHSA-c7mr-44hx-9566: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain↗2022-05-14
GHSA▶
GHSA-65wq-h5m6-882f: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain↗2022-05-14
CVEList▶
CVE-2016-3388: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain↗2016-10-14
CVEList▶
CVE-2016-3387: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain↗2016-10-14
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)↗2016-10-20