Microsoft Edge Cumulative Security Update

Last Update Date: 9 Dec 2015 13:54 Release Date: 9 Dec 2015 3192 Views

RISK: High Risk

TYPE: Clients - Browsers

Multiple Microsoft Edge Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft Browser Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce content types. An attacker who successfully exploited the vulnerability could run arbitrary script with elevated privileges.
Microsoft Browser ASLR Bypass
A security feature bypass exists when Microsoft Edge fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited it could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.
Microsoft Edge Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Microsoft Browser Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.
Microsoft Edge XSS Filter Bypass Vulnerability
An XSS filter bypass vulnerability exists in the way that Microsoft Edge disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.