| VID |
50429 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Microsoft Edge installed on the remote Windows host is prior to 129.0.2792.89. It is, therefore, affected by multiple vulnerabilities as referenced in the October 10, 2024 advisory.
- Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9602)
- Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9603)
* References:
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-10-2024
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9602
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-9603
* Platforms Affected:
Microsoft Edge versions prior to 129.0.2792.89
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Microsoft Edge at (129.0.2792.89 or later), as described in the Microsoft Security bulletin at
https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security |
| Related URL |
CVE-2024-9602,CVE-2024-9603 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
