Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing

2023-04-1000:00:00

nu11secur1ty

www.exploit-db.com

181

microsoft edge webview2

spoofing

vulnerability

rapid7

cve-2023-24892

exploit

windows11exploits

poc

proof

infrastructure engineer

penetration testing engineer

exploit developer.

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

AI Score

8.3

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

## Title: Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability
## Author: nu11secur1ty
## Date: 04.10.2023
## Vendor: https://developer.microsoft.com/en-us/
## Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
## CVE ID: CVE-2023-24892

## Description:
The Webview2 development platform is vulnerable to Spoofing attacks.
The attacker can build a very malicious web app and spread it to the
victim's networks.
and when they open it this can be the last web app opening for them.

STATUS: HIGH Vulnerability

[+]Exploit:

[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892/PoC)


## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892)

## Proof and Exploit:
[href](https://streamable.com/uk7l2n)

## Time spend:
03:00:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>