CVE-2024-43596

Опубликовано: 17 окт. 2024

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

FAQ

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
130.0.2849.46	10/17/2024	130.0.6723.59

According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?

Successful exploitation of this vulnerability requires the victim user to click a malicious link so that the attacker can initiate remote code execution on the renderer process.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

The user would have to click on a specially crafted URL to be compromised by the attacker.

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 78%

0.01106

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-43596

CVSS3: 6.5

nvd

больше 1 года назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

GHSA-5vhc-23f9-jfhm

CVSS3: 6.5

github

больше 1 года назад

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

BDU:2024-08547

CVSS3: 8.8

fstec

больше 1 года назад

Уязвимость браузера Microsoft Edge, связанная с ошибками смешения типов данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 78%

0.01106

Низкий

6.5 Medium

CVSS3