Lucene search
Jaanus Kp - Clarified SecurityZDI-16-177HistoryMar 08, 2016 - 12:00 a.m.
Microsoft Edge CAsyncTpWorker Use-After-Free Remote Code Execution Vulnerability
2016-03-0800:00:00
Jaanus Kp - Clarified Security
www.zerodayinitiative.com
12
0.658 Medium
EPSS
Percentile
97.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code that renders PDF documents. By supplying a malformed PDF document an attacker can cause Microsoft Edge to use a Infra::CAsyncTpWorker object in memory after it has been freed. An attacker can leverage this to execute arbitrary code under the context of the current process.
Related
prion
prion
Remote code execution
2016-03-09 11:59:00
cvelist
cvelist
CVE-2016-0118
2016-03-09 11:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2016-0118
2016-03-09 11:59:26
nvd
nvd
CVE-2016-0118
2016-03-09 11:59:26
symantec
symantec
nessus
nessus
openvas
openvas
mskb
mskb
kaspersky
kaspersky
KLA10769 Multiple vulnerabilities in Microsoft Windows
2016-03-08 00:00:00