CVE-2023-28261

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.

According to the CVSS metrics, the attack vector is local (AV:L). What does that mean for this vulnerability?

An attacker must have loaded the malicious executable onto the victim's machine through social engineering first. The execution of the attack itself only occurs on the victim's local machine with no network access required.

According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability?

An attacker cannot impact the availability of the browser.

According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability?

The attacker who successfully exploited the vulnerability could have limited ability to perform code execution.

What is the version information for this release?