# CVE-2018-1021 | ZDI-18-428 - MicrosoftEdge Information Disclosure Vulnerability zdi ADVISORY ```c vulnerability details =================================================================================================: msedge edgehtml!CFormElement::DoReset OOB read information disclosure vulnerability, there exist an information disclosure vulnerability in microsoftedge as of the time of writing (19/2/2018). this vulnerability is reliably exploitable and high in severity. users of the browser may be affected to data theft as an attacker can disclose data out of the process heap. to be clear this is not only exploitable for further compromise of the renderer process but also exploitable of its own as an attacker can disclose sensitive information stored in the browser, like session storage etc.. technical details =================================================================================================: lets look at some of the poc: [cut]