Sandbox bypass in Microsoft Internet Explorer - #VU18581

 

Published: May 23, 2019


Vulnerability identifier: #VU18581
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the way Internet Explorer handles loaded .dll libraries. An attacker who can attach a malicious .dll file to the Internet Explorer process can bypass IE Protected Mode and execute arbitrary JS code with medium integrity permissions.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources