CVE-2018-8463

HIGH

Microsoft Edge - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8463. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Edge (CVE-2018-8469) to achieve remote code execution by chaining multiple stages: bypassing URL checks to spawn a privileged content process, redirecting to Internet Explorer via a compatibility view list domain, and executing arbitrary files via a crafted LNK file.

Description

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textremotewindows

https://www.exploit-db.com/exploits/45502

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Edge (CVE-2018-8469) to achieve remote code execution by chaining multiple stages: bypassing URL checks to spawn a privileged content process, redirecting to Internet Explorer via a compatibility view list domain, and executing arbitrary files via a crafted LNK file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Edge (Build 17692.rs_prerelease.180609-1317)

No auth needed

Prerequisites: Remote machine with Samba and HTTP server · Domain in IE compatibility view list · Hardcoded offsets for specific build

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45502/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041623

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8463

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105260

Scores

CVSS v3 7.4

EPSS 0.1542

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

Status published

Products (1)

microsoft/edge

Published Sep 13, 2018

Tracked Since Feb 18, 2026