FortiClient VulnerabilityMicrosoft XmlDocument CVE-2019-0555 Elevation of Privilege Vulnerability
Description
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerability by itself does not allow arbitrary code to run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (for example a remote code execution vulnerability and another elevation of privilege vulnerability) to take advantage of the elevated privileges when running. The security update addresses the vulnerability by modifying how the Microsoft XmlDocument class enforces sandboxing.
Affected Applications
Windows RT 8.1
Windows Server version 1709 (Server Core Installation)
Windows Server 2016
Windows Server version 1803 (Server Core Installation)
Windows Server 2012
Windows 8
Windows 10
Windows Server 2019
CVE References
CVE-2019-0555Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0555| ID | 56389 |
| Created | Jan 08, 2019 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows RT 8.1 , Windows Server version 1709 (Server Core Installation) , Windows Server 2016 , Windows Server version 1803 (Server Core Installation) , Windows Server 2012 , Windows 8 , Windows 10 , Windows Server 2019 |