Multiple vulnerabilities in Microsoft Browser

Описание

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

1. Use after free vulnerability in Portals can be exploited to cause denial of service or execute arbitrary code.
2. Implementation vulnerability in Web Share API can be exploited to cause denial of service.
3. Use after free in WebRTC vulnerability can be exploited to cause denial of service or execute arbitrary code.
4. Insufficient validation of untrusted input in WebOTP can be exploited to cause denial of service.
5. An elevation of privilege vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to gain privileges.
6. Implementation vulnerability in Resource Timing can be exploited to cause denial of service.
7. Use after free vulnerability in Extensions can be exploited to cause denial of service or execute arbitrary code.
8. Use after free vulnerability in QR Code Generator can be exploited to cause denial of service or execute arbitrary code.
9. Implementation in Extensions can be exploited to cause denial of service.
10. Use after free vulnerability in Tab Strip can be exploited to cause denial of service or execute arbitrary code.
11. Implementation vulnerability in Background Fetch API can be exploited to cause denial of service.
12. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be exploited remotely to spoof user interface.
13. Use after free vulnerability in Shopping Cart can be exploited to cause denial of service or execute arbitrary code.
14. Implementation vulnerability in Web Cursor can be exploited to cause denial of service.
15. Heap buffer overflow vulnerability in WebUI can be exploited to cause denial of service.
16. Type confusion vulnerability in V8 can be exploited to cause denial of service.
17. Use after free vulnerability in Cast UI can be exploited to cause denial of service or execute arbitrary code.
18. Implementation vulnerability in Full Screen Mode can be exploited to cause denial of service.

Первичный источник обнаружения

• CVE-2022-1125
  CVE-2022-1128
  CVE-2022-1133
  CVE-2022-1130
  CVE-2022-26894
  CVE-2022-1146
  CVE-2022-1145
  CVE-2022-1127
  CVE-2022-1137
  CVE-2022-26891
  CVE-2022-1136
  CVE-2022-26908
  CVE-2022-26912
  CVE-2022-1139
  CVE-2022-24523
  CVE-2022-1135
  CVE-2022-1138
  CVE-2022-1143
  CVE-2022-26895
  CVE-2022-26900
  CVE-2022-1134
  CVE-2022-1131
  CVE-2022-24475
  CVE-2022-1129
  CVE-2022-26909
  

Связанные продукты

• Microsoft-Edge

Список CVE

• CVE-2022-1143
  warning
• CVE-2022-1133
  warning
• CVE-2022-1134
  warning
• CVE-2022-1138
  warning
• CVE-2022-1136
  warning
• CVE-2022-1127
  warning
• CVE-2022-1135
  warning
• CVE-2022-1129
  warning
• CVE-2022-1139
  warning
• CVE-2022-1137
  warning
• CVE-2022-1130
  warning
• CVE-2022-1128
  warning
• CVE-2022-1125
  warning
• CVE-2022-1146
  warning
• CVE-2022-1145
  warning
• CVE-2022-1131
  warning
• CVE-2022-26894
  high
• CVE-2022-26891
  high
• CVE-2022-26908
  high
• CVE-2022-26912
  high
• CVE-2022-24523
  warning
• CVE-2022-26895
  high
• CVE-2022-26900
  high
• CVE-2022-24475
  high
• CVE-2022-26909
  high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com