CVE-2019-0764

Опубликовано: 09 апр. 2019

Источник: msrc

CVSS3: 6.3

EPSS Низкий

Описание

Microsoft Browsers Tampering Vulnerability

A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters.

In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message.

The security update addresses the vulnerability by correcting how Microsoft browsers validate input.

Обновления

Продукт	Статья	Обновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems	4493474	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems	4493474	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems	4493464	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems	4493464	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems	4493509	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems	4493509	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems	4493509	Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2019	4493509	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems	4493441	Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems	4493441	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 92%

0.07646

Низкий

6.3 Medium

CVSS3

Связанные уязвимости

CVE-2019-0764

CVSS3: 6.5

nvd

больше 6 лет назад

A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.

GHSA-qx8p-v7mw-f7q4

CVSS3: 6.5

github

больше 3 лет назад

A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.

BDU:2019-01473

CVSS3: 2.4

fstec