CVE-2018-0803 — Incorrect Authorization in Corporation Microsoft Edge

CWE-863 — Incorrect Authorization5 documents4 sources

Severity

4.2MEDIUMNVD

EPSS

3.7%

top 12.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Edge Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems +9 more

Timeline

PublishedJan 4

Latest updateMay 13

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages12 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1703_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1709_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rc8x-g2jf-pcr5: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Elevation of Privilege Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶