Main Vulnerability Database SB2019010819

SB2019010819 - Privilege escalation in Microsoft Edge

Published: January 8, 2019

Security Bulletin ID SB2019010819

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0555)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists within the Microsoft XmlDocument class. A remote attacker can bypass the AppContainer sandbox in the browser and perform actions on the system with elevated privileges in conjunction with other vulnerabilities.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0555