Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0612Microsoft Edge vulnerability

5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
14.0%
top 5.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Edge
Timeline
PublishedApr 8
Latest updateMay 13

Description

A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

CVEListV5microsoft/microsoft_edge12 versions+11

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2467-gpx7-r99c: A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects2022-05-13
CVEList
CVE-2019-0612: A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects2019-04-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject2019-03-19

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2019-03-12
CVE-2019-0612 — Microsoft Edge vulnerability | cvebase