Description
Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by modifying how the IEToEdge BHO plug-in handles objects in memory.
FAQ
What is the IEToEdgeBHO plugin?
The IEToEdgeBHO plugin is a Browser Helper Object, which is a plugin that runs inside Internet Explorer. This plugin causes Internet Explorer to switch to Microsoft Edge (Chromium) for sites that no longer work optimally on Internet Explorer.
Who is affected by this vulnerability?
Users who have both Internet Explorer and Microsoft Edge (Chromium), and who use Internet Explorer to browse the Internet, are affected by this vulnerability. Users who only have Internet Explorer or Microsoft Edge (Chromium) installed are not affected.
How can I be protected from this vulnerability?
Users who are running both Internet Explorer and Microsoft Edge (Chromium) need to have Microsoft Edge Stable Channel v85.0.564.44, available as of August 31, installed to be protected from this vulnerability. This build includes the update for the BHO plugin that addresses this vulnerability.
How can I see the version of Microsoft Edge?
- In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
- Click on Help and Feedback
- Click on About Microsoft Edge
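The affected-host criteria from the FAQ above (both browsers present, Edge Stable older than 85.0.564.44) applied to a software inventory, as an added example that is not part of the original advisory. The CSV columns, host names and version values are constructed for illustration; the `edge_version` column is assumed to hold the Microsoft Edge (Chromium) version.

```python
import csv
import io

FIXED_EDGE = (85, 0, 564, 44)  # Edge Stable build named in the advisory


def parse_version(text):
    """Turn '85.0.564.41' into (85, 0, 564, 41); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return {host: status} using the advisory's affected-host criteria."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        has_ie = row["ie_installed"].strip().lower() == "yes"
        edge_raw = row["edge_version"].strip()
        if not has_ie or not edge_raw:
            # Only one of the two browsers present: not affected per the FAQ.
            status = "not_affected"
        else:
            version = parse_version(edge_raw)
            if version is None:
                status = "unknown"  # unreadable version: check by hand
            elif version < FIXED_EDGE:
                status = "vulnerable"  # numeric compare, field by field
            else:
                status = "patched"
        results[row["host"]] = status
    return results


# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE = """host,ie_installed,edge_version
ws-01,yes,85.0.564.41
ws-02,yes,85.0.564.44
ws-03,yes,
ws-04,no,84.0.522.63
ws-05,yes,100.0.1185.29
ws-06,yes,85.0.564.5
ws-07,yes,85.0.564
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Comparing the version as a tuple of integers matters here: a plain string comparison would rank 85.0.564.5 above 85.0.564.44 and 100.x below 85.x.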
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.2 Medium
CVSS3
Related vulnerabilities
A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory, aka 'Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability'.
Vulnerability in the IEToEdge Browser Helper Object (BHO) plug-in of the Microsoft Edge browser that allows an attacker to execute arbitrary code