CVE-2016-3387

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 10 through 11 Microsoft Edge (affected versions not specified)

Description The issue is related to errors in access restriction to private namespaces, which allows remote attackers to gain privileges via unspecified vectors. This could lead to elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges. The vulnerabilities by themselves do not allow arbitrary code to be run, but they could be used in conjunction with other vulnerabilities, such as a remote code execution vulnerability, to take advantage of the elevated privileges when running.

Recommendations For Microsoft Internet Explorer versions 10 through 11, consider restricting access to private namespaces as a temporary workaround until a patch is available. For Microsoft Edge, restrict access to the private namespace to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.