| VID |
50423 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 126.0.2592.81. It is, therefore, affected by multiple vulnerabilities as referenced in the June 27, 2024 advisory.
- Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-6290, CVE-2024-6292, CVE-2024-6293)
- Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-6291)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#june-27-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-34122
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6290
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6291
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6292
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6293
* Platforms Affected:
Microsoft Edge versions prior to 126.0.2592.81
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at ( 126.0.2592.81 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2024-34122, CVE-2024-6290,CVE-2024-6291,CVE-2024-6292,CVE-2024-6293 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
