#Security Vulnerability

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

**How could an attacker exploit this vulnerability?** An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db\_owner within their Dynamics 356 database.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 100.0.1185.36 4/7/2022 100.0.4896.60

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 100.0.1185.36 4/7/2022 100.0.4896.60

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**I am running a supported version of Windows Server. Is my system vulnerable to this issue?** This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

**I am running a supported version of Windows Server. Is my system vulnerable to this issue?** This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.