SHARE
TWEET

Microsoft Edge vulnerabilities can Break the Sandbox

TVT618 Oct 1st, 2018 (edited) 167 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. EDB-ID-45502 - Microsoft Edge vulnerabilities can Break the Sandbox
  2.  
  3. EDB-ID: 45502
  4. CVE: CVE-2018-8463, CVE-2018-8468, CVE-2018-8469
  5. E-DB Verified: Yes
  6. Author: Google Security Research
  7. Type: Remote
  8. Advisory/Source: bugs.chromium.org
  9. Published: 2018-09-27
  10. Platform: Windows
  11. Vulnerable: Microsoft Edge
  12.  * Microsoft Windows 10 for 32-bit Systems
  13.  * Microsoft Windows 10 for x64-based Systems
  14.  * Microsoft Windows 10 version 1511 for 32-bit Systems
  15.  * Microsoft Windows 10 version 1511 for x64-based Systems
  16.  * Microsoft Windows 10 Version 1607 for 32-bit Systems
  17.  * Microsoft Windows 10 Version 1607 for x64-based Systems
  18.  * Microsoft Windows 10 version 1703 for 32-bit Systems
  19.  * Microsoft Windows 10 version 1703 for x64-based Systems
  20.  * Microsoft Windows 10 version 1709 for 32-bit Systems
  21.  * Microsoft Windows 10 version 1709 for x64-based Systems
  22.  * Microsoft Windows 10 Version 1803 for 32-bit Systems
  23.  * Microsoft Windows 10 Version 1803 for x64-based Systems
  24.  * Microsoft Windows Server 2016
  25.  * Microsoft Windows Server 2016 for x64-based Systems
  26.  * Microsoft Windows Server 2012 R2
  27.  * Microsoft Windows Server 2012
  28.  * Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  29.  * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  30.  * Microsoft Windows Server 2008 for x64-based Systems SP2
  31.  * Microsoft Windows Server 2008 for Itanium-based Systems SP2
  32.  * Microsoft Windows Server 2008 for 32-bit Systems SP2
  33.  
  34. https://pastebin.com/tz0VfbpQ
  35.  
  36. About CVE-2018-8463
  37.    An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.
  38.    An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox.
  39.    The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.
  40.    The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.
  41.  
  42. About CVE-2018-8468
  43.    An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
  44.    An elevation of privilege vulnerability exists in Windows that allows a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.
  45.    This vulnerability by itself does not allow arbitrary code execution. However, the vulnerability could allow arbitrary code to run if an attacker uses it in combination with another vulnerability, such as a remote code execution vulnerability or another elevation of privilege vulnerability, that can leverage the elevated privileges when code execution is attempted.
  46.    The security update addresses the vulnerability by correcting how Windows parses files.
  47.  
  48. About CVE-2018-8469
  49.    An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463.
  50.    An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox.
  51.    The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running.
  52.    The security update addresses the vulnerability by modifying how Microsoft Edge handles sandboxing.
  53.  
  54. From Exploit Database (https://www.exploit-db.com/exploits/45502/), CVE and Microsoft
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top