CVE-2018-8567

Published: Nov 14, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

Affected (1)

Products: Microsoft: Edge

1 product

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Microsoft Edge	All versions

Running on/with	Platform Versions
Microsoft Windows 10	Version 1709
Microsoft Windows 10	Version 1803
Microsoft Windows 10	Version 1809
Microsoft Windows Server	Version 2019

References (6)

http://www.securityfocus.com/bid/105784

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042107

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8567

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/105784

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1042107

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8567

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.