Proof-of-concept code published for Microsoft Edge remote code execution bug

More from: | ZDNET |

A security researcher has published today proof-of-concept code which an attacker can use to run malicious code on a remote computer via the Microsoft Edge browser.

More security news

The proof-of-concept (PoC) code is for a Microsoft Edge vulnerability —CVE-2018-8495— that Microsoft patched this week, part of its October 2018 Patch Tuesday.

The vulnerability was discovered by Kuwaiti security researcher Abdulrahman Al-Qabandi, who reported his findings to Microsoft via Trend Micro’s Zero-Day Initiative program.

Today, after making sure Microsoft had rolled out a fix, Al-Qabandi published in-depth details about the Edge vulnerability on his blog.

Besides the usual technical breakdown that accompanies all such vulnerability write-ups, the researcher’s also included proof-of-concept code so other researchers could reproduce the


Read full article »

About | ZDNET |

ZDNet brings together the reach of global and the depth of local, delivering 24/7 news coverage and analysis on the trends, technologies and opportunities that matter to IT professionals and decision makers.

Whatever your role in the IT buying cycle, ZDNet provides support -- from investigating options to optimizing a solution. Whether you want to follow hot topics or emerging trends, or keep up to date with the latest news and events, ZDNet is the destination for professionals seeking to research technology-related issues, and solve business technology problems.

»Twitter: @zdnet »Facebook: @ZDNet