| VID |
50414 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory.
- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618)
- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174)
- Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508)
- Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509)
- Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510)
- Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511)
- Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6512)
* References:
  - https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#december-7-2023
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35618
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36880
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38174
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6508
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6509
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6510
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6511
  - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-6512
* Platforms Affected:
  - Microsoft Edge versions prior to 120.0.2210.61
  - Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge (120.0.2210.61 or later), as described in the Microsoft security bulletin at https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2023-35618,CVE-2023-36880,CVE-2023-38174,CVE-2023-6508,CVE-2023-6509,CVE-2023-6510,CVE-2023-6511,CVE-2023-6512 (CVE) |