What is CVE-2019-0938?

CVE-2019-0938 is a vulnerability in Microsoft Edge. Published 2019-05-16.

Is CVE-2019-0938 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Edge

CVE-2019-0938

An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.

EPSS: 0.011 (78.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Edge — versions Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows Server 2016
Microsoft Edge On Windows 10 Version 1903 For 32-bit Systems — versions unspecified
Microsoft Edge On Windows 10 Version 1903 For Arm64-based Systems — versions unspecified
Microsoft Edge On Windows 10 Version 1903 For X64-based Systems — versions unspecified

Public proof-of-concept exploits

alphaSeclab/sec-daily-2019

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0938 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-0938?: CVE-2019-0938 is a vulnerability in Microsoft Edge. Published 2019-05-16.
Is CVE-2019-0938 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.