Privacy News PoC Code Available for Microsoft Edge Remote Code Execution Bug

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/poc-code-available-for-microsoft-edge-remote-code-execution-bug/

The flurry of security bugs Microsoft addressed with this month's rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters.

Now tracked as CVE-2018-8495, the bug was discovered by security researcher Abdulrahman Al-Qabandi.

His investigation started from the simple response to the 'mailto' URI scheme in Microsoft Edge when he noticed that Outlook would launch with a parameter customized for the scenario at hand.
... ...

 

[shmu26]

That would have been a wicked zero-day.
Good article, worth reading.