The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2022 advisory.
Out of bounds write in Storage. (CVE-2022-3195)
Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)
Use after free in Frames. (CVE-2022-3199)
Heap buffer overflow in Internals. (CVE-2022-3200)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(165210);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/25");
script_cve_id(
"CVE-2022-3195",
"CVE-2022-3196",
"CVE-2022-3197",
"CVE-2022-3198",
"CVE-2022-3199",
"CVE-2022-3200"
);
script_xref(name:"IAVA", value:"2022-A-0379-S");
script_xref(name:"IAVA", value:"2022-A-0396-S");
script_name(english:"Microsoft Edge (Chromium) < 105.0.1343.42 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an web browser installed that is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Microsoft Edge installed on the remote Windows host is prior to 105.0.1343.42. It is, therefore, affected
by multiple vulnerabilities as referenced in the September 15, 2022 advisory.
- Out of bounds write in Storage. (CVE-2022-3195)
- Use after free in PDF. (CVE-2022-3196, CVE-2022-3197, CVE-2022-3198)
- Use after free in Frames. (CVE-2022-3199)
- Heap buffer overflow in Internals. (CVE-2022-3200)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#september-15-2022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8ee04b1");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199");
script_set_attribute(attribute:"see_also", value:"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200");
script_set_attribute(attribute:"solution", value:
"Upgrade to Microsoft Edge version 105.0.1343.42 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3200");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/14");
script_set_attribute(attribute:"patch_publication_date", value:"2022/09/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_edge_chromium_installed.nbin");
script_require_keys("installed_sw/Microsoft Edge (Chromium)", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '105.0.1343.42' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3200
www.nessus.org/u?e8ee04b1
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3195
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3196
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3197
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3198
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3199
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3200