Chromium-based versions of Microsoft Edge, ChakraCore, and XapForms can be exploited by feeding a malicious HTML document to an unsuspecting victim. The attacker must convince the victim to visit a malicious site and view a specially crafted HTML document. If the user has elevated privileges, such as those of an administrator, then the attacker can run code with those privileges. This elevation of privilege can be achieved by persuading the user to visit a malicious site, clicking a malicious link, viewing a malicious HTML document, or by injecting code into a privileged process. Microsoft received information about this vulnerability through responsible disclosure, and it has been listed in the MSRC. Microsoft is working on a patch for this issue, and it expects to release it in a future release of Microsoft Edge.
Microsoft XAML Browser Remote Code Execution Vulnerability (CVE-2023)
A vulnerability in Microsoft Edge, ChakraCore, and XapForms can be exploited by feeding a malicious HTML document to an unsuspecting victim. The attacker must convince the victim to visit a malicious site and view a specially crafted HTML document. If the user has elevated privileges, such as those of an administrator, then the attacker can run code with those privileges. This elevation of privilege can be achieved by persuading the user to visit a malicious site, clicking a malicious link, viewing a malicious HTML document, or by injecting code into a privileged process. Microsoft received information about this vulnerability through responsible disclosure, and it has been listed in the MSRC. Microsoft is working on a patch for this issue, and it expects to release it in a future release of Microsoft Edge.
Microsoft Browser Memory Corruption Vulnerability - CVE-2023-6155
This vulnerability could allow an attacker to remotely execute code on a vulnerable system. A remote exploit of this vulnerability could allow a hacker to take control of an affected system. This issue is rated as critical.
Microsoft Office CVEs
I. A memory corruption vulnerability in Microsoft Word and Microsoft Excel allows remote code execution
II. A memory corruption vulnerability in Microsoft Office allows remote code execution
III. A memory exploitation vulnerability found in Microsoft Word, Excel, and Outlook allows remote code execution
Microsoft Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2022-220 21
The Microsoft Edge WebGL Security Feature Bypass Vulnerability (CVE-2022-21954) allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. This attack appears to be exploitable via HTML document containing malicious JavaScript and WebGL content.
Timeline
Published on: 01/11/2022 21:15:00 UTC
Last modified on: 01/20/2022 19:31:00 UTC