| VID |
50424 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 127.0.2651.98. It is, therefore, affected by multiple vulnerabilities as referenced in the August 8, 2024 advisory.
- Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2024-7532)
- Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7533)
- Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7534)
- Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7535)
- Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7536)
- Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-7550)
- Microsoft Edge (HTML-based) Memory Corruption Vulnerability (CVE-2024-38218)
- Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2024-38219)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#august-8-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38218
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38219
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7532
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7533
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7534
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7535
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7536
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7550
* Platforms Affected:
Microsoft Edge versions prior to 127.0.2651.98
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (127.0.2651.98 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2024-38218,CVE-2024-38219,CVE-2024-7532,CVE-2024-7533,CVE-2024-7534,CVE-2024-7535,CVE-2024-7536,CVE-2024-7550 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
