CVE-2024-43496

Опубликовано: 19 сент. 2024

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

Successful exploitation of this vulnerability requires the victim user to click a malicious link in order for the attacker to initiate remote code execution on the renderer process.

What is the version information for this release?

Microsoft Edge Channel	Microsoft Edge Version	Based on Chromium Version	Date Released
Stable	CVE-2024-8904,	129.0.6668.58/.59	9/19/2024

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 59%

0.00383

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-43496

CVSS3: 6.5

nvd

9 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

GHSA-jrwr-5jr4-cgx8

CVSS3: 6.5

github

9 месяцев назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

BDU:2024-07781

CVSS3: 8.8

fstec

9 месяцев назад

Уязвимость браузера Microsoft Edge, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 59%

0.00383

Низкий

6.5 Medium

CVSS3