Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - CVE-2020-1341ID: oval:org.secpod.oval:def:64427 | Date: (C)2020-07-17 (M)2024-05-02 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) before 84.0.522.40 when DLL files are allowed to download without prompting additional warning to the user. An attacker who successfully exploited this vulnerability could drop the DLL files on the users Download folder (or equivalent) and gain elevated privileges. To exploit the vulnerability, the user must browse to a malicious website that is design to download a DLL file and click on the page to being the process. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to go to the malicious site.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft Edge (Chromium-based) |