Attacker Value
Moderate
1

Windowsrcer IE/Edge Cross-URL vulnerabilities

Last updated February 21, 2020

Exploitability

(1 user assessed) High
Attack Vector
Unknown
Privileges Required
Unknown
User Interaction
Unknown

Description

Cross-Origin bugs in IE and Edge allow bypassing SOP in both browsers.

0-days released by James Lee @Windowsrcer

Add Assessment

4
Ratings
  • Attacker Value
    Medium
  • Exploitability
    High
Technical Analysis

A SOP bug requires the attacker to inject a resource into one domain, and be listening on another. Such a vulnerability would need to be combined with a web application vulnerability like XSS, and would be less useful from a standalone PoV as something like a Metasploit module. But with the right target audience and web application, this is a nice primitive.

General Information

Technical Analysis