Windowsrcer IE/Edge Cross-URL vulnerabilities

2020-06-02T00:00:00
ID AKB:7962C6DB-020F-496C-9EAD-77F2FB991724
Type attackerkb
Reporter AttackerKB
Modified 2020-06-02T00:00:00

Description

Cross-Origin bugs in IE and Edge allow bypassing SOP in both browsers.

0-days released by James Lee @Windowsrcer

Recent assessments:

busterb at August 21, 2019 4:31pm UTC reported:

A SOP bug requires the attacker to inject a resource into one domain, and be listening on another. Such a vulnerability would need to be combined with a web application vulnerability like XSS, and would be less useful from a standalone PoV as something like a Metasploit module. But with the right target audience and web application, this is a nice primitive.

Assessed Attacker Value: 3
Assessed Attacker Value: 4