CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Chromium-based versions of Microsoft Edge, ChakraCore, and XapForms can be exploited by feeding a malicious HTML document to an unsuspecting victim. The attacker must convince the victim to visit a malicious site and view a specially crafted HTML document. If the user has elevated privileges, such as those of an administrator, then the attacker can run code with those privileges. This elevation of privilege can be achieved by persuading the user to visit a malicious site, clicking a malicious link, viewing a malicious HTML document, or by injecting code into a privileged process. Microsoft received information about this vulnerability through responsible disclosure, and it has been listed in the MSRC. Microsoft is working on a patch for this issue, and it expects to release it in a future release of Microsoft Edge.

Microsoft XAML Browser Remote Code Execution Vulnerability (CVE-2023)

A vulnerability in Microsoft Edge, ChakraCore, and XapForms can be exploited by feeding a malicious HTML document to an unsuspecting victim. The attacker must convince the victim to visit a malicious site and view a specially crafted HTML document. If the user has elevated privileges, such as those of an administrator, then the attacker can run code with those privileges. This elevation of privilege can be achieved by persuading the user to visit a malicious site, clicking a malicious link, viewing a malicious HTML document, or by injecting code into a privileged process. Microsoft received information about this vulnerability through responsible disclosure, and it has been listed in the MSRC. Microsoft is working on a patch for this issue, and it expects to release it in a future release of Microsoft Edge.

Microsoft Browser Memory Corruption Vulnerability - CVE-2023-6155

This vulnerability could allow an attacker to remotely execute code on a vulnerable system. A remote exploit of this vulnerability could allow a hacker to take control of an affected system. This issue is rated as critical.

Microsoft Office CVEs

I. A memory corruption vulnerability in Microsoft Word and Microsoft Excel allows remote code execution
II. A memory corruption vulnerability in Microsoft Office allows remote code execution
III. A memory exploitation vulnerability found in Microsoft Word, Excel, and Outlook allows remote code execution

Microsoft Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Edge CVE-2022-220 21

The Microsoft Edge WebGL Security Feature Bypass Vulnerability (CVE-2022-21954) allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. This attack appears to be exploitable via HTML document containing malicious JavaScript and WebGL content.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe