| VID |
50397 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory.
- Out of bounds write in Storage. (CVE-2022-3195)
- Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)
- Use after free in Frames. (CVE-2022-3199)
- Heap buffer overflow in Internals. (CVE-2022-3200)
* References:
http://www.nessus.org/u?c255ed38
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2294
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2295
* Platforms Affected:
Microsoft Edge versions prior to 105.0.1343.42
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (105.0.1343.42 or later), as described in the Microsoft Security bulletin at
https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#july-22-2022 |
| Related URL |
CVE-2022-3195,CVE-2022-3196,CVE-2022-3197,CVE-2022-3198,CVE-2022-3199,CVE-2022-3200 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
