Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Microsoft Edge Elevation of Privilege Vulnerability


2019/7/19

Vulnerability

Microsoft Edge Elevation of Privilege Vulnerability

Vulnerability Description

This vulnerability allows an attacker to execute javascript code on every host without the permission, also an attacker can steal local system files, and this also results in changing internal developer settings in Microsoft Edge.

CVE-ID

CVE-2019-0678

Vendor

Microsoft

Product

Microsoft Edge

Disclosure Timeline

  1. 28 November 2018 reported to the vendor
  2. 03 December 2019 coordinated public release of advisory

Credits

Nikhil Mittal