Описание
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox.
The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.
The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
Уязвимость браузера Microsoft Edge, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выйти из изолированной программной среды
EPSS
4.2 Medium
CVSS3