CVE-2016-3388
published 2016-10-14CVE-2016-3388: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain…
PriorityP348medium5.3CVSS 3.0
AVNACHPRNUIRSUCNIHAN
EXPLOIT
EPSS
27.59%
97.8th percentile
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_msrc5.3HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c7mr-44hx-9566: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2016-3388 [HIGH] GHSA-c7mr-44hx-9566: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
GHSA
GHSA-65wq-h5m6-882f: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain
ghsa_unreviewed·2022-05-14·CVSS 5.3
CVE-2016-3387 [MEDIUM] GHSA-65wq-h5m6-882f: Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
Microsoft
Microsoft Browser Elevation of Privilege Vulnerability
vendor_msrc·2016-10-11·CVSS 5.3
CVE-2016-3388 [MEDIUM] Microsoft Browser Elevation of Privilege Vulnerability
Microsoft Browser Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when affected Microsoft browsers fail to properly secure private namespace. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
The vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more other vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
The update addresses the vulnerability by correcting how Microsoft browsers handle namespace boundaries.
Microsoft Browsers:
No detection rules found.
http://www.securityfocus.com/bid/93382http://www.securitytracker.com/id/1036992http://www.securitytracker.com/id/1036993https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119https://www.exploit-db.com/exploits/40606/http://www.securityfocus.com/bid/93382http://www.securitytracker.com/id/1036992http://www.securitytracker.com/id/1036993https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119https://www.exploit-db.com/exploits/40606/
2016-10-14
Published