Microsoft Edge Cumulative Security Update

Last Update Date: 11 Feb 2016 12:23 Release Date: 11 Feb 2016 3508 Views

RISK: High Risk

TYPE: Clients - Browsers

Microsoft Browser Spoofing Vulnerability
A spoofing vulnerability exists when a Microsoft browser does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website. The specially crafted website could spoof content or be used as a pivot to chain an attack with other vulnerabilities in web services.
Microsoft Edge ASLR Bypass Vulnerability
A security feature bypass vulnerability for Microsoft Edge exists as a result of how exceptions are handled when dispatching certain window messages, allowing an attacker to probe the layout of the address space and thereby bypassing Address Space Layout Randomization (ASLR). By itself, the ASLR bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.
Multiple Microsoft Edge Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.