Elevation of Privilege Vulnerability in Microsoft Edge Browser
CVE-2020-1056
Key Information:
- Vendor
Microsoft
- Status
- Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems
- Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems
- Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
- Microsoft Edge (edgehtml-based) On Windows 10 Version 1809 For 32-bit Systems
- Vendor
- CVE Published:
- 21 May 2020
Badges
What is CVE-2020-1056?
An elevation of privilege vulnerability in Microsoft Edge arises from improper enforcement of cross-domain policies. This flaw could allow an attacker to obtain sensitive information from one domain and inject it into another, potentially compromising users' security. If exploited through a maliciously crafted website, this vulnerability enables attackers to perform unauthorized actions, increasing the risk of data exposure and manipulation.
Affected Version(s)
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems = unspecified
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems = unspecified
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems = unspecified
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
14% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved