CVE-2019-0555

HIGH

Microsoft XmlDocument - Privilege Escalation

Title source: llm
STIX 2.1

Description

An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · textlocalwindows
https://www.exploit-db.com/exploits/46185
nomisec WORKING POC 5 stars
by kai6u · poc
https://github.com/kai6u/TriBell_Edge_SandBox_Escape

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46185/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106395

Scores

CVSS v3 7.8
EPSS 0.0147
EPSS Percentile 81.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (14)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
... and 4 more
Published Jan 08, 2019
Tracked Since Feb 18, 2026