The flurry of security bugs Microsoft addressed with this month's
rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.
Now tracked as
CVE-2018-8495, the bug was discovered by security researcher Abdulrahman Al-Qabandi.
His investigation started from the simple response to the 'mailto' URI scheme in Microsoft Edge when he noticed that Outlook would launch with a parameter customized for the scenario at hand.
... ...