Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-43489 (GCVE-0-2024-43489)
Vulnerability from cvelistv5 – Published: 2024-09-19 20:43 – Updated: 2024-12-31 23:03
VLAI
EPSS
Title
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Summary
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 129.0.2792.52
(custom)
|
Date Public
2024-09-19 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T13:38:01.713018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T13:38:11.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "129.0.2792.52",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "129.0.2792.52",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-19T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:03:28.945Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
}
],
"title": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43489",
"datePublished": "2024-09-19T20:43:32.854Z",
"dateReserved": "2024-08-14T01:08:33.520Z",
"dateUpdated": "2024-12-31T23:03:28.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-43489",
"date": "2026-05-27",
"epss": "0.00438",
"percentile": "0.63296"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"129.0.2792.52\", \"matchCriteriaId\": \"F0BF594F-B1FD-4557-8D75-5FF42CC0E5AA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo en Microsoft Edge (basado en Chromium)\"}]",
"id": "CVE-2024-43489",
"lastModified": "2024-09-23T17:33:25.633",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-09-19T21:15:15.677",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43489\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-09-19T21:15:15.677\",\"lastModified\":\"2024-09-23T17:33:25.633\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Edge (basado en Chromium)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"129.0.2792.52\",\"matchCriteriaId\":\"F0BF594F-B1FD-4557-8D75-5FF42CC0E5AA\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43489\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-20T13:38:01.713018Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-20T13:38:07.253Z\"}}], \"cna\": {\"title\": \"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Edge (Chromium-based)\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"129.0.2792.52\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2024-09-19T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489\", \"name\": \"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"129.0.2792.52\", \"versionStartIncluding\": \"1.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2024-12-31T23:03:28.945Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-43489\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-31T23:03:28.945Z\", \"dateReserved\": \"2024-08-14T01:08:33.520Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-09-19T20:43:32.854Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0793
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 129.0.2792.52",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-8909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
},
{
"name": "CVE-2024-8905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-8907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
},
{
"name": "CVE-2024-43489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43489"
},
{
"name": "CVE-2024-38221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38221"
},
{
"name": "CVE-2024-8904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
},
{
"name": "CVE-2024-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43496"
},
{
"name": "CVE-2024-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0793",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8908",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8908"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38221"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8909",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8909"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8906",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8906"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-43496",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43496"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-43489",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8907"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8905",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8905"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8904",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8904"
}
]
}
CERTFR-2024-AVI-0793
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 129.0.2792.52",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-8909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8909"
},
{
"name": "CVE-2024-8905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8905"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-8907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8907"
},
{
"name": "CVE-2024-43489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43489"
},
{
"name": "CVE-2024-38221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38221"
},
{
"name": "CVE-2024-8904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8904"
},
{
"name": "CVE-2024-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43496"
},
{
"name": "CVE-2024-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8908"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0793",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8908",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8908"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38221"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8909",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8909"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8906",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8906"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-43496",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43496"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-43489",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8907",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8907"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8905",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8905"
},
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8904",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8904"
}
]
}
BDU:2024-07783
Vulnerability from fstec - Published: 19.09.2024
VLAI
Title
Уязвимость браузера Microsoft Edge, связанная с ошибками смешения типов данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость браузера Microsoft Edge связана с ошибками смешения типов данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity
Vendor
Microsoft Corp
Software Name
Microsoft Edge
Software Version
до 129.0.2792.52 (Microsoft Edge)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489
CWE
CWE-843
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1623, TO1624",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1623 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Microsoft Edge, TO1624 \u041e\u0431\u043d\u043e\u0432\u043b\u043d\u0435\u043d\u0438\u0435 Microsoft Edge",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 129.0.2792.52 (Microsoft Edge)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.10.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07783",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-43489",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Microsoft Edge, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u043c\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Microsoft Edge \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u043c\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-843",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2024-39656
Vulnerability from cnvd - Published: 2024-09-30
VLAI
Title
Microsoft Edge (Chromium-based)远程代码执行漏洞(CNVD-2024-39656)
Description
Microsoft Edge是美国微软(Microsoft)公司的一款Windows 10之后版本系统附带的Web浏览器。
Microsoft Edge (Chromium-based)存在远程代码执行漏洞,该漏洞是由类型混淆漏洞引起的。攻击者可利用此漏洞在系统上执行任意代码。
Severity
高
Patch Name
Microsoft Edge (Chromium-based)远程代码执行漏洞(CNVD-2024-39656)的补丁
Patch Description
Microsoft Edge是美国微软(Microsoft)公司的一款Windows 10之后版本系统附带的Web浏览器。
Microsoft Edge (Chromium-based)存在远程代码执行漏洞,该漏洞是由类型混淆漏洞引起的。攻击者可利用此漏洞在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489
Impacted products
| Name | Microsoft Edge (Chromium-based) |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-43489"
}
},
"description": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\n\nMicrosoft Edge (Chromium-based)\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-39656",
"openTime": "2024-09-30",
"patchDescription": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge (Chromium-based)\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u7c7b\u578b\u6df7\u6dc6\u6f0f\u6d1e\u5f15\u8d77\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Edge (Chromium-based)\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-39656\uff09\u7684\u8865\u4e01",
"products": {
"product": "Microsoft Edge (Chromium-based)"
},
"referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489",
"serverity": "\u9ad8",
"submitTime": "2024-09-23",
"title": "Microsoft Edge (Chromium-based)\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2024-39656\uff09"
}
FKIE_CVE-2024-43489
Vulnerability from fkie_nvd - Published: 2024-09-19 21:15 - Updated: 2024-09-23 17:33
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | edge_chromium | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0BF594F-B1FD-4557-8D75-5FF42CC0E5AA",
"versionEndExcluding": "129.0.2792.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Edge (basado en Chromium)"
}
],
"id": "CVE-2024-43489",
"lastModified": "2024-09-23T17:33:25.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-19T21:15:15.677",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-J9FF-392X-7Q7V
Vulnerability from github – Published: 2024-09-19 21:33 – Updated: 2024-09-19 21:33
VLAI
Details
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-43489"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-19T21:15:15Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"id": "GHSA-j9ff-392x-7q7v",
"modified": "2024-09-19T21:33:29Z",
"published": "2024-09-19T21:33:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43489"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-43489
Vulnerability from csaf_microsoft - Published: 2024-09-10 07:00 - Updated: 2024-09-19 07:00Summary
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-843
- Access of Resource Using Incompatible Type ('Type Confusion')
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge (Chromium-based) 129.0.2792.52
Microsoft Edge (Chromium-based)
|
129.0.2792.52 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge (Chromium-based) <129.0.2792.52
Microsoft Edge (Chromium-based)
|
<129.0.2792.52 |
Vendor Fix
fix
|
Threats
Impact
Remote Code Execution
Exploit Status
Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
References
7 references
Acknowledgments
<a href="https://x.com/eternalsakura13">Nan Wang(@eternalsakura13)</a>
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://x.com/eternalsakura13\"\u003eNan Wang(@eternalsakura13)\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
},
{
"category": "self",
"summary": "CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2024/msrc_cve-2024-43489.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"tracking": {
"current_release_date": "2024-09-19T07:00:00.000Z",
"generator": {
"date": "2024-12-31T23:02:29.866Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-43489",
"initial_release_date": "2024-09-10T07:00:00.000Z",
"revision_history": [
{
"date": "2024-09-19T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c129.0.2792.52",
"product": {
"name": "Microsoft Edge (Chromium-based) \u003c129.0.2792.52",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "129.0.2792.52",
"product": {
"name": "Microsoft Edge (Chromium-based) 129.0.2792.52",
"product_id": "11655"
}
}
],
"category": "product_name",
"name": "Microsoft Edge (Chromium-based)"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43489",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The user would have to click on a specially crafted URL to be compromised by the attacker.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability requires the victim user to click a malicious link in order for the attacker to initiate remote code execution on the renderer process.",
"title": "According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?"
},
{
"category": "faq",
"text": "Stable: Stable, CVE-2024-8904,: CVE-2024-8904,, 129.0.6668.58/.59: 129.0.6668.58/.59, 9/19/2024: 9/19/2024",
"title": "What is the version information for this release?"
}
],
"product_status": {
"fixed": [
"11655"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
},
{
"category": "self",
"summary": "CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43489"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-19T07:00:00.000Z",
"details": "129.0.2792.52:Security Update:https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security",
"product_ids": [
"1"
],
"url": "https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Remote Code Execution"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability"
}
]
}
WID-SEC-W-2024-2189
Vulnerability from csaf_certbund - Published: 2024-09-19 22:00 - Updated: 2024-09-19 22:00Summary
Microsoft Edge: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Edge ist ein Web Browser von Microsoft.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, beliebigen Code auszuführen oder nicht spezifizierte Effekte zu erzielen.
Betroffene Betriebssysteme: - Android
- Sonstiges
- Windows
Es besteht eine Schwachstelle in Microsoft Edge, die bisher noch nicht im Detail veröffentlicht worden ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Cross-Site-Scripting-Angriff durchzuführen. Für eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich, der Benutzer muss auf eine speziell gestaltete URL klicken.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge, die derzeit noch nicht im Detail veröffentlicht wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen. Für eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich. Der Benutzer muss auf eine speziell gestaltete URL klicken.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge, die derzeit noch nicht im Detail veröffentlicht wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen. Für eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich. Der Benutzer muss auf eine speziell gestaltete URL klicken.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgemäße Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler können zur Remotecodeausführung führen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Edge Extended Stable Channel <128.0.2739.90
Microsoft / Edge
|
Extended Stable Channel <128.0.2739.90 | ||
|
Microsoft Edge Android
Microsoft / Edge
|
cpe:/a:microsoft:edge:android
|
Android | |
|
Microsoft Edge Stable Channel <129.0.2792.52
Microsoft / Edge
|
Stable Channel <129.0.2792.52 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Edge ist ein Web Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren oder nicht spezifizierte Effekte zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2189 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2189.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2189 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2189"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2024-09-19",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-19-2024"
},
{
"category": "external",
"summary": "Stable Channel Update for Desktop vom 2024-09-17",
"url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html"
}
],
"source_lang": "en-US",
"title": "Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-09-19T22:00:00.000+00:00",
"generator": {
"date": "2024-09-20T10:41:14.232+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-2189",
"initial_release_date": "2024-09-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Stable Channel \u003c129.0.2792.52",
"product": {
"name": "Microsoft Edge Stable Channel \u003c129.0.2792.52",
"product_id": "T037755"
}
},
{
"category": "product_version",
"name": "Stable Channel 129.0.2792.52",
"product": {
"name": "Microsoft Edge Stable Channel 129.0.2792.52",
"product_id": "T037755-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:stable_channel__129.0.2792.52"
}
}
},
{
"category": "product_version_range",
"name": "Extended Stable Channel \u003c128.0.2739.90",
"product": {
"name": "Microsoft Edge Extended Stable Channel \u003c128.0.2739.90",
"product_id": "T037756"
}
},
{
"category": "product_version",
"name": "Extended Stable Channel 128.0.2739.90",
"product": {
"name": "Microsoft Edge Extended Stable Channel 128.0.2739.90",
"product_id": "T037756-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:extended_stable_channel__128.0.2739.90"
}
}
},
{
"category": "product_version",
"name": "Android",
"product": {
"name": "Microsoft Edge Android",
"product_id": "T037757",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:android"
}
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38221",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Microsoft Edge, die bisher noch nicht im Detail ver\u00f6ffentlicht worden ist. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich, der Benutzer muss auf eine speziell gestaltete URL klicken."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-38221"
},
{
"cve": "CVE-2024-43489",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge, die derzeit noch nicht im Detail ver\u00f6ffentlicht wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen. F\u00fcr eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich. Der Benutzer muss auf eine speziell gestaltete URL klicken."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-43489"
},
{
"cve": "CVE-2024-43496",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge, die derzeit noch nicht im Detail ver\u00f6ffentlicht wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen. F\u00fcr eine erfolgreiche Ausnutzung ist eine Benutzerinteraktion erforderlich. Der Benutzer muss auf eine speziell gestaltete URL klicken."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-43496"
},
{
"cve": "CVE-2024-8904",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8904"
},
{
"cve": "CVE-2024-8905",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8905"
},
{
"cve": "CVE-2024-8906",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8906"
},
{
"cve": "CVE-2024-8907",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8907"
},
{
"cve": "CVE-2024-8908",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8908"
},
{
"cve": "CVE-2024-8909",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft Edge. Diese Fehler bestehen in mehreren Komponenten, darunter V8, die Omnibox oder die Downloads, aufgrund verschiedener sicherheitsrelevanter Probleme wie Typverwechslung, unsachgem\u00e4\u00dfe Implementierung oder unzureichende Datenvalidierung und mehr. Diese Fehler k\u00f6nnen zur Remotecodeausf\u00fchrung f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T037756",
"T037757",
"T037755"
]
},
"release_date": "2024-09-19T22:00:00.000+00:00",
"title": "CVE-2024-8909"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…