Msrc Microsoft Edge vulnerabilities

CVE-2020-1568 [HIGH] Microsoft Edge PDF Remote Code Execution Vulnerability Microsoft Edge PDF Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the curre

CVE-2020-1433 [MEDIUM] Microsoft Edge PDF Information Disclosure Vulnerability Microsoft Edge PDF Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains mal

CVE-2020-1462 [MEDIUM] Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based). An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user prof

CVE-2020-1341 [LOW] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges.

CVE-2020-1073 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-1219 [HIGH] Microsoft Browser Memory Corruption Vulnerability Microsoft Browser Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the cur

CVE-2020-1037 [HIGH] Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the

CVE-2020-1195 [MEDIUM] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges. The vulnerability by itself does not allow arbitrary code

CVE-2020-0969 [HIGH] Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the

CVE-2020-0768 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current us

CVE-2020-0826 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0823 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0831 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0827 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0828 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0830 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current us

CVE-2020-0829 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2020-0706 [MEDIUM] Microsoft Browser Information Disclosure Vulnerability Microsoft Browser Information Disclosure Vulnerability Description: An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all of the web pages in the affected browser. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploi

CVE-2020-0767 [HIGH] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If

CVE-2019-1335 [HIGH] Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the