CVE-2019-0678

MEDIUM

Microsoft Edge - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0678. PoCs published by sandi-go.

AI-analyzed exploit summary This repository contains a README describing CVE-2019-0678, an elevation of privilege vulnerability in Microsoft Edge. The vulnerability allows arbitrary JavaScript execution and local file theft, but no exploit code is provided.

Description

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

Exploits (1)

nomisec WRITEUP

by sandi-go · poc

https://github.com/sandi-go/CVE-2019-0678

View Code ZIP pw:eip

This repository contains a README describing CVE-2019-0678, an elevation of privilege vulnerability in Microsoft Edge. The vulnerability allows arbitrary JavaScript execution and local file theft, but no exploit code is provided.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Theoretical

Reliability

Theoretical

Target: Microsoft Edge (unspecified version)

No auth needed

Prerequisites: User interaction required to exploit via Microsoft Edge

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0678

Scores

CVSS v3 6.8

EPSS 0.0609

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE

CWE-863

Status published

Products (1)

microsoft/edge

Published Apr 09, 2019

Tracked Since Feb 18, 2026