According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. According to the CVSS metrics, the attack vector is local (AV:L). What does that mean for this vulnerability? An attacker must have loaded the malicious executable onto the victim's machine through social engineering first. The execution of the attack itself only occurs on the victim's local machine with no network access required. According to the CVSS metric, successful exploitation of this vulnerability could lead to no loss of availability (A:N)? What does that mean for this vulnerability? An attacker cannot impact the availability of the browser. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L). What does that mean for this vulnerability? The attacker who successfully exploited the vulnerability could have limited ability to perform code execution. What is the version information for this release? Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 111.0.1661.54 111.0.5563.110/.111 3/23/2023 Extended Stable 110.0.1587.78 110.0.5481.208 3/23/2023
<a href="https://github.com/kohnakagawa">Koh M. Nakagawa</a> with <a href="https://www.ffri.jp/en/index.htm">FFRI Security, Inc.</a>