| VID |
50404 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 108.0.1462.54. It is, therefore, affected by multiple vulnerabilities as referenced in the December 16, 2022 advisory.
- Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4436)
- Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4437)
- Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-4438)
- Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) (CVE-2022-4439)
- Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2022-4440)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-16-2022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440
* Platforms Affected:
Microsoft Edge versions prior to 108.0.1462.54
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (108.0.1462.54 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-16-2022 |
| Related URL |
CVE-2022-4436,CVE-2022-4437,CVE-2022-4438,CVE-2022-4439,CVE-2022-4440 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
