|CVSS SCORE||4.4, (AV:L/AC:M/Au:N/C:P/I:P/A:P)|
The specific flaw exists due to the fact that various operations can be triggered from within the Microsoft Edge sandbox. Considered individually, these operations do not pose a risk. However, they can be used in combination to produce an unsafe result. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current user at medium integrity.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Danny__Wei of Tencent's Xuanwu Lab