CVE-2019-0678 PoC — Microsoft Edge 权限许可和访问控制漏洞

Source

https://github.com/sharmasandeepkr/CVE-2019-0678

Associated Vulnerability

Title:Microsoft Edge 权限许可和访问控制漏洞 (CVE-2019-0678)
Description:An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

Description

Microsoft Edge Elevation of Privilege Vulnerability

Readme

## Vulnerability

Microsoft Edge Elevation of Privilege Vulnerability

## Vulnerability Description 

This vulnerability allows an attacker to execute javascript code on every host without the permission, also an attacker can steal local system files, and this also results in changing internal developer settings in Microsoft Edge. 

## CVE-ID

CVE-2019-0678

## Vendor

Microsoft

## Product

Microsoft Edge

## Disclosure Timeline

1. 28 November 2018 reported to the vendor 
2. 03 December 2019 coordinated public release of advisory

## Credits

Nikhil Mittal

File Snapshot


 [4.0K]  /data/pocs/a9a097b9de3393a013758e43795899a3dba4aa95
└── [ 565]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!