Описание
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects.
By itself, this bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.
To exploit the CFG bypass vulnerability, a user must be logged on and running an affected version of Microsoft Edge. The user would then need to browse to a malicious website.
The security update addresses the bypass vulnerability by helping to ensure that Click2Play protection Microsoft Edge properly handles flash objects.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
Уязвимость реализации механизма защиты Click2Play браузера Microsoft Edge, позволяющая нарушителю осуществить несанкционированный запуск Flash-содержимого
EPSS
4.3 Medium
CVSS3