Vulnerability Details CVE-2019-0678
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.046
EPSS Ranking 88.8%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.0
References
Products affected by CVE-2019-0678
-
cpe:2.3:a:microsoft:edge:-
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-