CVE-2018-8463 — Microsoft Edge Elevation of Privilege Vulnerability
Executive Summary
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.
Overview
CVSS Vector
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4457128 (Security Update) |
Important | Elevation of Privilege | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4457128 (Security Update) |
Important | Elevation of Privilege | Yes |
Patches
| Article | Type | Restart |
|---|---|---|
4457128 |
Security Update | Yes |
Known Exploits
Acknowledgments
Lokihardt of Google Project Zero