Multiple vulnerabilities in Microsoft Browser

説明

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Implementation vulnerability in Extensions API can be exploited to cause denial of service.
2. Policy enforcement vulnerability in Cookies can be exploited to cause denial of service.
3. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
4. Use after free vulnerability in Managed devices API can be exploited to cause denial of service or execute arbitrary code.
5. Use after free vulnerability in Sign-In Flow can be exploited to cause denial of service or execute arbitrary code.
6. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
7. Heap buffer overflow vulnerability in PDF can be exploited to cause denial of service.
8. Validation of untrusted input vulnerability in Safe Browsing can be exploited to cause denial of service.
9. Use after free vulnerability in Omnibox can be exploited to cause denial of service or execute arbitrary code.
10. Implementation vulnerability in Fullscreen API can be exploited to cause denial of service.
11. Out of bounds read vulnerability in Dawn can be exploited to cause denial of service.
12. Policy enforcement vulnerability in Background Fetch can be exploited to cause denial of service.
13. Use after free vulnerability in Safe Browsing can be exploited to cause denial of service or execute arbitrary code.
14. Side-channel information leakage vulnerability in Keyboard input can be exploited to obtain sensitive information.
15. Use after free vulnerability in Offline can be exploited to cause denial of service or execute arbitrary code.
16. Use after free vulnerability in Extensions API can be exploited to cause denial of service or execute arbitrary code.
17. A security feature bypass vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to bypass security restrictions.
18. A remote code execution vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to execute arbitrary code.
19. Validation of untrusted input vulnerability in Settings can be exploited to cause denial of service.
20. Validation of untrusted input vulnerability in Internals can be exploited to cause denial of service.

オリジナルアドバイザリー

• CVE-2022-2616

• CVE-2022-2615
• CVE-2022-2621
• CVE-2022-2614
• CVE-2022-35796
• CVE-2022-2624
• CVE-2022-2622
• CVE-2022-2611
• CVE-2022-2610
• CVE-2022-2612
• CVE-2022-2623
• CVE-2022-2617
• CVE-2022-33649
• CVE-2022-33636
• CVE-2022-2619
• CVE-2022-2618
• CVE-2022-2606
• CVE-2022-2603
• CVE-2022-2605
• CVE-2022-2604

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

• Microsoft-Edge

CVEリスト

• CVE-2022-2605
  high
• CVE-2022-2610
  high
• CVE-2022-2606
  critical
• CVE-2022-2614
  critical
• CVE-2022-2623
  critical
• CVE-2022-2619
  warning
• CVE-2022-2617
  critical
• CVE-2022-2612
  high
• CVE-2022-2616
  high
• CVE-2022-2603
  critical
• CVE-2022-2611
  warning
• CVE-2022-2604
  critical
• CVE-2022-2621
  critical
• CVE-2022-2615
  high
• CVE-2022-2622
  high
• CVE-2022-2624
  critical
• CVE-2022-2618
  high
• CVE-2022-35796
  critical
• CVE-2022-33649
  critical
• CVE-2022-33636
  critical

KBリスト

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com