ZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability

Key Points:

• Vulnerability: A directory traversal vulnerability in Microsoft Edge (ZDI-26-331) allows remote code execution.
• Impact Assessment: This vulnerability affects installations of Microsoft Edge, enabling attackers to execute arbitrary code upon user interaction, such as visiting a malicious page or opening a malicious file.
• Recommended Actions: Users should avoid visiting suspicious websites and opening untrusted files. Organizations should apply security updates from Microsoft once available.

Technical Details: The vulnerability requires user interaction for exploitation, meaning the target must engage with a malicious page or file. The CVSS rating has been assigned by the ZDI but is not specified in the provided content.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned