Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8463Microsoft Edge vulnerability

10 documents6 sources
Severity
7.4HIGHNVD
EPSS
20.3%
top 4.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Edge
Timeline
PublishedSep 13
Latest updateMay 13

Description

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5microsoft/microsoft_edge11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

4
GHSA
GHSA-39x9-qhh7-qf97: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser,2022-05-13
GHSA
GHSA-mc88-f3m4-3m3h: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser,2022-05-13
CVEList
CVE-2018-8469: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser,2018-09-13
CVEList
CVE-2018-8463: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser,2018-09-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge - Sandbox Escape2018-09-27

📋Vendor Advisories

1
Microsoft
Microsoft Edge Elevation of Privilege Vulnerability2018-09-11

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - September 20182018-09-11
Talos
Microsoft Patch Tuesday - September 20182018-09-11
CVE-2018-8463 — Microsoft Edge vulnerability | cvebase