Kaspersky LabKLA12430KLA12430 Multiple vulnerabilities in Microsoft Browser
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.5%
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.
Below is a complete list of vulnerabilities:
- Use after free vulnerability in web packaging can be exploited to cause denial of service or execute arbitrary code.
- Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or cause denial of service.
- Use after free vulnerability in safe browsing can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in Storage can be exploited to cause denial of service.
- Race condition vulnerability in GPU Watchdog can be exploited to cause denial of service.
- Heap buffer overflow vulnerability in PDFium can be exploited to execute arbitrary code or cause denial of service.
- Use after free vulnerability in Omnibox can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Bookmarks can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Vulkan can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in Autofill can be exploited to cause denial of service.
- Implementation vulnerability in Service Worker API can be exploited to cause denial of service.
- Use after free vulnerability in Optimization Guide can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Data Transfer can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in site isolation can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Scheduling can be exploited to cause denial of service or execute arbitrary code.
- Use after free vulnerability in Printing can be exploited to cause denial of service or execute arbitrary code.
- Implementation vulnerability in Fenced Frames can be exploited to cause denial of service.
- Implementation vulnerability in push messaging can be exploited to cause denial of service.
- Heap buffer overflow vulnerability in DevTools can be exploited to execute arbitrary code or cause denial of service.
- Use after free vulnerability in Text Input Method Editor can be exploited to cause denial of service or execute arbitrary code.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2022-0305 high
CVE-2022-0306 critical
CVE-2022-0293 critical
CVE-2022-0298 critical
CVE-2022-0290 critical
CVE-2022-0296 critical
CVE-2022-0307 critical
CVE-2022-0304 critical
CVE-2022-0302 critical
CVE-2022-0310 critical
CVE-2022-0308 critical
CVE-2022-0294 high
CVE-2022-0303 warning
CVE-2022-0301 critical
CVE-2022-0289 critical
CVE-2022-0311 critical
CVE-2022-0295 critical
CVE-2022-0292 high
CVE-2022-0300 critical
CVE-2022-0291 high
CVE-2022-0297 critical
CVE-2022-0309 high
KB list
Solution
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Microsoft Edge (Chromium-based)
References
msrc.microsoft.com/update-guide/en-US/vulnerability/c
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0289
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0290
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0291
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0292
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0293
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0294
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0295
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0296
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0297
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0298
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0300
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0301
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0302
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0303
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0304
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0305
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0306
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0307
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0308
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0309
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-0310
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
85.5%