vendor:
Microsoft Edge
by:
Unspecified
7.8
CVSS
HIGH
Bypass of Address Space Layout Randomization (ASLR)
20
CWE
Product Name: Microsoft Edge
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10
2018
Microsoft Edge Content Process ACG Bypass
A vulnerability in Microsoft Edge Content Process (MicrosoftEdgeCP.exe) allows an attacker to bypass Address Space Layout Randomization (ASLR) and tamper with another MicrosoftEdgeCP.exe process in such a way that it never enables ACG. This can be done by OpenProcess() and calling a single WriteProcessMemory() with a known address. This allows the attacker to further tamper with the process and get it to allocate executable memory and run arbitrary payload either in process A or process B.
Mitigation:
Microsoft has released a patch to address this vulnerability.