BID:106877

Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability

CVE-2019-649 |

Info

Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability

Bugtraq ID:	106877
Class:	Design Error
CVE:	CVE-2019-0649
Remote:	Yes
Local:	No
Published:	Feb 12 2019 12:00AM
Updated:	Feb 12 2019 12:00AM
Credit:	Yuki Chen of Qihoo 360 Vulcan Team
Vulnerable:	Microsoft Edge 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for 32-bit Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for 32-bit Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 version 1511 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for 32-bit Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 Version 1607 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for 32-bit Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1703 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for 32-bit Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 version 1709 for x64-based Systems 0 + Microsoft Windows 10 Version 1803 for 32-bit Systems 0 + Microsoft Windows 10 Version 1803 for 32-bit Systems 0 + Microsoft Windows 10 Version 1803 for x64-based Systems 0 + Microsoft Windows 10 Version 1803 for x64-based Systems 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 + Microsoft Windows Server 2016 for x64-based Systems 0 Microsoft ChakraCore 0

Not Vulnerable:

Discussion

Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability

Microsoft Edge is prone to a remote privilege-escalation vulnerability.

An attacker can exploit this issue to gain elevated privileges.

Solution / Fix

Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Microsoft Edge CVE-2019-0649 Remote Privilege Escalation Vulnerability

References:

Microsoft Edge - Homepage (Microsoft)
Microsoft Homepage (Microsoft)
CVE-2019-0649 | Scripting Engine Elevation of Privileged Vulnerability (Microsoft)