Multiple vulnerabilities in Microsoft Browser

説明

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

1. Use after free vulnerability in Portals can be exploited to cause denial of service or execute arbitrary code.
2. Implementation vulnerability in Web Share API can be exploited to cause denial of service.
3. Use after free in WebRTC vulnerability can be exploited to cause denial of service or execute arbitrary code.
4. Insufficient validation of untrusted input in WebOTP can be exploited to cause denial of service.
5. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
6. Implementation vulnerability in Resource Timing can be exploited to cause denial of service.
7. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
8. Use after free vulnerability in QR Code Generator can be exploited to cause denial of service or execute arbitrary code.
9. Implementation in Extensions can be exploited to cause denial of service.
10. Use after free vulnerability in Tab Strip can be exploited to cause denial of service or execute arbitrary code.
11. Implementation vulnerability in Background Fetch API can be exploited to cause denial of service.
12. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
13. Use after free vulnerability in Shopping Cart can be exploited to cause denial of service or execute arbitrary code.
14. Implementation vulnerability in Web Cursor can be exploited to cause denial of service.
15. Heap buffer overflow vulnerability in WebUI can be exploited to cause denial of service.
16. Type confusion vulnerability in V8 can be exploited to cause denial of service.
17. Use after free vulnerability in Cast UI can be exploited to cause denial of service or execute arbitrary code.
18. Implementation vulnerability in Full Screen Mode can be exploited to cause denial of service.

オリジナルアドバイザリー

• CVE-2022-1125

• CVE-2022-1128
• CVE-2022-1133
• CVE-2022-1130
• CVE-2022-26894
• CVE-2022-1146
• CVE-2022-1145
• CVE-2022-1127
• CVE-2022-1137
• CVE-2022-26891
• CVE-2022-1136
• CVE-2022-26908
• CVE-2022-26912
• CVE-2022-1139
• CVE-2022-24523
• CVE-2022-1135
• CVE-2022-1138
• CVE-2022-1143
• CVE-2022-26895
• CVE-2022-26900
• CVE-2022-1134
• CVE-2022-1131
• CVE-2022-24475
• CVE-2022-1129
• CVE-2022-26909

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

• Microsoft-Edge

CVEリスト

• CVE-2022-1143
  critical
• CVE-2022-1133
  critical
• CVE-2022-1134
  critical
• CVE-2022-1138
  high
• CVE-2022-1136
  critical
• CVE-2022-1127
  critical
• CVE-2022-1135
  critical
• CVE-2022-1129
  high
• CVE-2022-1139
  high
• CVE-2022-1137
  high
• CVE-2022-1130
  critical
• CVE-2022-1128
  high
• CVE-2022-1125
  critical
• CVE-2022-1146
  high
• CVE-2022-1145
  critical
• CVE-2022-1131
  critical
• CVE-2022-26894
  critical
• CVE-2022-26891
  critical
• CVE-2022-26908
  critical
• CVE-2022-26912
  critical
• CVE-2022-24523
  warning
• CVE-2022-26895
  critical
• CVE-2022-26900
  critical
• CVE-2022-24475
  critical
• CVE-2022-26909
  critical

KBリスト

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com