CVE-2016-3387

high-risk

Published 2016-10-14

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.

Do I need to act?

33.3% chance of exploitation in next 30 days

EPSS score — higher than 67% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40607

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (3)

Edge

Internet Explorer

Affected Vendors

Microsoft

References (12)

http://www.securityfocus.com/bid/93381

http://www.securitytracker.com/id/1036992

http://www.securitytracker.com/id/1036993

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11...

https://www.exploit-db.com/exploits/40607/

http://www.securityfocus.com/bid/93381

http://www.securitytracker.com/id/1036992

http://www.securitytracker.com/id/1036993

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11...

https://www.exploit-db.com/exploits/40607/

/ 100

high-risk

Severity 22/34 · High

Exploitability 23/34 · High

Exposure 9/34 · Low