Main Vulnerability Database Vulnerabilities #VU18767

#VU18767 Permissions, Privileges, and Access Controls in Microsoft Edge - CVE-2019-1054

Published: June 12, 2019

Vulnerability identifier: #VU18767

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-1054

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Edge

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists in Microsoft Edge due to the browser fails to set Mark of the Web Tagging (MOTW). Such browser behavior leads to possibility to bypass a large number of Microsoft security technologies.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1054

#VU18767 Permissions, Privileges, and Access Controls in Microsoft Edge - CVE-2019-1054

Description

Remediation

External links

Please verify you're human