PoC Available for Microsoft Edge Zero-Day RCE, Exploit Under Development

Exploit developer Yushi Liang announced in a tweet that he discovered a remote code execution vulnerability in the Microsoft Edge web browser, with a Proof of Concept  (PoC) already available and an exploit in the works.

The zero-day Edge RCE vulnerability discovered by Liang could allow for arbitrary code execution once exploited by a potential attacker which, depending on the privilege level of the logged in account, could install programs on the compromised machine, create admin accounts, as well as exfiltrate and modify data.

Liang demonstrated the Proof of Concept on Twitter with the help of a screenshot displaying a Calculator window spawned from a Microsoft Edge instance.

Furthermore, Liang also created a video demonstrating the results of the RCE vulnerability with the Microsoft Edge web browser launching a Mozilla Firefox instance which in turn would open the Google Chrome download page.
... (read more)

No comments:

Post a Comment