Simon Zuckerbraun - Trend Micro Zero Day InitiativeZDI-16-452Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.501 Medium
EPSS
Percentile
97.5%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge constructs Referer headers in HTTP requests. By manipulating a documentâs elements an attacker can force a string in memory to be reused after it has been freed. As a result, unintended information will be included in the Referer header. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of the current process.
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.501 Medium
EPSS
Percentile
97.5%