{"api_version":"1","generated_at":"2026-07-04T21:42:12+00:00","cve":"CVE-2018-8463","urls":{"html":"https://cve.report/CVE-2018-8463","api":"https://cve.report/api/cve/CVE-2018-8463.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8463","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8463"},"summary":{"title":"CVE-2018-8463","description":"An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-09-13 00:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/45502/","name":"45502","refsource":"EXPLOIT-DB","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Edge - Sandbox Escape - Windows remote Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1041623","name":"1041623","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Edge Multiple Bugs Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Gain Elevated Privileges, and Spoof Content on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105260","name":"105260","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft Edge CVE-2018-8463 Remote Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8463","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8463","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8463","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"edge","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8463","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"edge","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8463","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1803","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8463","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1803","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8463","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Edge","version":{"version_data":[{"version_value":"Windows 10 Version 1803 for 32-bit Systems"},{"version_value":"Windows 10 Version 1803 for x64-based Systems"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of Privilege"}]}]},"references":{"reference_data":[{"name":"45502","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/45502/"},{"name":"1041623","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041623"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463"},{"name":"105260","refsource":"BID","url":"http://www.securityfocus.com/bid/105260"}]}},"nvd":{"publishedDate":"2018-09-13 00:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8463","Ordinal":"124818","Title":"CVE-2018-8463","CVE":"CVE-2018-8463","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8463","Ordinal":"1","NoteData":"An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka \"Microsoft Edge Elevation of Privilege Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8463","Ordinal":"2","NoteData":"2018-09-12","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8463","Ordinal":"3","NoteData":"2018-09-29","Type":"Other","Title":"Modified"}]}}}