VID |
50430 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 130.0.2849.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 17, 2024 advisory.
- Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2024-43566, CVE-2024-43578, CVE-2024-43579, CVE-2024-43587, CVE-2024-43595, CVE-2024-43596, CVE-2024-49023)
- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-43577, CVE-2024-43580)
- Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9954)
- Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9955)
- Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9956)
- Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9957)
- Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9958)
- Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2024-9959)
- Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9960)
- Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9961)
- Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9962)
- Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-9963)
- Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) (CVE-2024-9964)
- Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-9965)
- Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-9966)
* References:
  https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-17-2024
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9954
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9955
  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024- |
Recommendation |
Upgrade to the latest version of Microsoft Edge (130.0.2849.46 or later), as described in the Microsoft Security bulletin at https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
Related URL |
CVE-2024-43566,CVE-2024-43577,CVE-2024-43578,CVE-2024-43579,CVE-2024-43580,CVE-2024-43587,CVE-2024-43595,CVE-2024-43596,CVE-2024-49023 (CVE) |
|