cvedb.io
CVE-2021-43844
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2021-12-20T22:15:07.883 · Last modified 2026-06-17T04:11:33.407

Summary

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can cause more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker-controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully gu

Affected products

msedgeredirect_project — msedgeredirect

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.