PT-2019-1149 · Microsoft · Edge

James Forshaw

Published

2019-01-08

Updated

2020-08-24

CVE-2019-0566

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified)

Description: The issue is related to an elevation of privilege vulnerability in the Microsoft Edge Browser Broker COM object. This vulnerability can be exploited by a remote attacker to elevate privileges on an affected system. It does not allow arbitrary code execution on its own but could enable arbitrary code to be run if combined with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges for code execution.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-264

Related Identifiers

BDU:2019-00193

CVE-2019-0566

Affected Products

Edge

PT-2019-1149 · Microsoft · Edge

CVE-2019-0566

Weakness Enumeration

Related Identifiers

Affected Products

References · 6