CVE-2016-3388

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 10 through 11 Microsoft Edge (affected versions not specified)

Description The issue is related to errors in access restriction to the namespace. Exploitation of this issue may allow a remote attacker to gain elevated privileges. The vulnerabilities exist when Microsoft Edge or Internet Explorer fails to properly secure private namespaces, allowing attackers to gain elevated permissions on the namespace directory of a vulnerable system. These vulnerabilities do not allow arbitrary code to be run but could be used in conjunction with other vulnerabilities, such as remote code execution vulnerabilities, to take advantage of the elevated privileges.

Recommendations For Microsoft Internet Explorer versions 10 through 11, consider restricting access to private namespaces as a temporary workaround until a patch is available. For Microsoft Edge, restrict access to the private namespace to minimize the risk of exploitation. Avoid using the vulnerable browsers for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.