mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
104 lines
4.7 KiB
JSON
104 lines
4.7 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secure@microsoft.com",
|
|
"ID": "CVE-2019-0678",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Microsoft Edge",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "Windows Server 2016"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1607 for x64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1703 for x64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1709 for x64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1803 for x64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1809 for x64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
|
|
},
|
|
{
|
|
"version_value": "Windows Server 2019"
|
|
},
|
|
{
|
|
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Microsoft"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Remote Code Execution"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0678",
|
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0678"
|
|
}
|
|
]
|
|
}
|
|
} |