Vulnerability Watch

Forum Discussion

snarang
Product Team
6 years ago

Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed by SandboxEscaper

Over the span of three days, from May 21 to May 23, security researcher SandboxEscaper published proof-of-concept (PoC) code for five vulnerabilities in Windows Task Scheduler (bearlpe), Windows Error Reporting (angrypolarbear2), Internet Explorer 11 (IE11), Microsoft Edge, and Windows Installer. Four of these five vulnerabilities were zero-days at the time they were revealed. These follow the researcher's previous public disclosures of zero-day vulnerabilities in Windows Task Scheduler in August 2018, Data Sharing Service in October 2018, and ReadFile.exe and Windows Error Reporting (WER) in December 2018.

The five vulnerabilities published are named based on the folder names for each PoC:

  1. “bearlpe” (zero-day)
  2. “angrypolarbear2”
  3. “sandboxescape” (zero-day)
  4. “CVE-2019-0841-BYPASS” (zero-day)
  5. “InstallerBypass” (zero-day)

One of the five vulnerabilities, angrypolarbear2, was fixed in the May 2019 Patch Tuesday release and is designated as CVE-2019-0863.

To learn more, please visit our blog.

Please note that since publication, it appears the researcher has removed the proof-of-concept (PoC) code from GitHub.
