CVE-2019-1054Microsoft Edge vulnerability

6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.1%
top 22.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Edge
Timeline
PublishedJun 12
Latest updateMay 24

Description

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to e

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages1 packages

CVEListV5microsoft/microsoft_edge1.0..0publication

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cw3h-wqmv-phpq: A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature2022-05-24
CVEList
Microsoft Edge Security Feature Bypass Vulnerability2019-06-12

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2019-06-11
CVE-2019-1054 — Microsoft Edge vulnerability | cvebase