Test Kennung:	1.3.6.1.4.1.25623.1.0.807023
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Edge Multiple Vulnerabilities (3116184)
Zusammenfassung:	This host is missing a critical security; update according to Microsoft Bulletin MS15-125.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS15-125. Vulnerability Insight: Multiple flaws exist due to: - Multiple improper memory object handling errors. - Microsoft Edge does not properly enforce content types. - Error in handling exceptions when dispatching certain window messages. - Microsoft Edge does not properly parse HTTP responses. - Microsoft Edge does not properly validate permissions under specific condition. - Microsoft Edge mishandles HTML attributes in HTTP responses. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service, run arbitrary script with elevated privileges, to bypass the ASLR protection mechanism, to redirect users to arbitrary web sites, to gain privileges, to bypass a cross-site scripting (XSS) protection mechanism. Affected Software/OS: - Microsoft Edge on Microsoft Windows 10 x32/x64 - Microsoft Windows 10 Version 1511 x32/x64 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6139 Microsoft Security Bulletin: MS15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 Microsoft Security Bulletin: MS15-125 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 Common Vulnerability Exposure (CVE) ID: CVE-2015-6140 Common Vulnerability Exposure (CVE) ID: CVE-2015-6142 http://www.zerodayinitiative.com/advisories/ZDI-15-587 Common Vulnerability Exposure (CVE) ID: CVE-2015-6148 http://www.zerodayinitiative.com/advisories/ZDI-15-588 Common Vulnerability Exposure (CVE) ID: CVE-2015-6151 http://www.zerodayinitiative.com/advisories/ZDI-15-599 Common Vulnerability Exposure (CVE) ID: CVE-2015-6153 Common Vulnerability Exposure (CVE) ID: CVE-2015-6154 Common Vulnerability Exposure (CVE) ID: CVE-2015-6155 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1212 Common Vulnerability Exposure (CVE) ID: CVE-2015-6158 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1214 Common Vulnerability Exposure (CVE) ID: CVE-2015-6159 http://www.zerodayinitiative.com/advisories/ZDI-15-645 Common Vulnerability Exposure (CVE) ID: CVE-2015-6161 Common Vulnerability Exposure (CVE) ID: CVE-2015-6168 https://www.exploit-db.com/exploits/40878/ http://seclists.org/fulldisclosure/2016/Dec/4 http://blog.skylined.nl/20161201001.html http://www.zerodayinitiative.com/advisories/ZDI-15-583 Common Vulnerability Exposure (CVE) ID: CVE-2015-6169 Common Vulnerability Exposure (CVE) ID: CVE-2015-6170 Common Vulnerability Exposure (CVE) ID: CVE-2015-6176
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.