| VID |
50420 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 121.0.2277.112. It is, therefore, affected by multiple vulnerabilities as referenced in the February 8, 2024 advisory.
- Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1283)
- Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1284)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#february-8-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1283
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-1284
* Platforms Affected:
Microsoft Edge versions prior to 121.0.2277.112
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (121.0.2277.112 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2024-1283,CVE-2024-1284 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
