Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-0641

Опубликовано: 12 фев. 2019
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the way that Microsoft Edge handles whitelisting. Edge depends on a default whitelist of sites where Adobe Flash will load without user interaction. Because the whitelist was not scheme-aware, an attacker could use a man in the middle attack to cause Flash policies to be bypassed and arbitrary Flash content to be loaded without user interaction.

The security update addresses the vulnerability by modifying how Microsoft Edge handles whitelisting.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4487020
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4487020
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems
4487017
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems
4487017
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems
4487017
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2019
4487044
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems
4486996
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

EPSS

Процентиль: 92%
0.09435
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-0641

CVSS3: 5.9
nvd
больше 6 лет назад

A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

github логотип

GHSA-3w5m-p4xw-h642

CVSS3: 5.9
github
больше 3 лет назад

A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.

fstec логотип

BDU:2019-00804

CVSS3: 4.3
fstec
больше 6 лет назад

Уязвимость браузера Microsoft Edge, связанная с ошибками обработки белого списка, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

EPSS

Процентиль: 92%
0.09435
Низкий

4.3 Medium

CVSS3