CVE-2019-0566

HIGH

Microsoft Edge - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0566. PoCs published by Google Security Research.

AI-analyzed exploit summary: The exploit leverages a COM object (Browser Broker) in Windows 10 1803 that fails to verify the caller's session, allowing arbitrary code execution in another user's session by impersonating Microsoft Edge's token. The PoC steals an Edge token and restarts itself in another session to exploit the vulnerability.

Description

An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · local · windows
https://www.exploit-db.com/exploits/46161

Classification: Working PoC (90%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows 10 1803 (Browser Broker COM object)
Auth required
Prerequisites: Two users logged on to the same system · Microsoft Edge running in the attacker's session
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106417
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46161/

Scores

CVSS v3: 8.8
EPSS: 0.1862
EPSS Percentile: 96.9%
Attack Vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-862
Status: published
Products (1): microsoft/edge
Published: Jan 08, 2019
Tracked Since: Feb 18, 2026