Test ID:	1.3.6.1.4.1.25623.1.0.807023
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Edge Multiple Vulnerabilities (3116184)
Summary:	This host is missing a critical security; update according to Microsoft Bulletin MS15-125.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS15-125. Vulnerability Insight: Multiple flaws exist due to: - Multiple improper memory object handling errors. - Microsoft Edge does not properly enforce content types. - Error in handling exceptions when dispatching certain window messages. - Microsoft Edge does not properly parse HTTP responses. - Microsoft Edge does not properly validate permissions under specific condition. - Microsoft Edge mishandles HTML attributes in HTTP responses. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service, run arbitrary script with elevated privileges, to bypass the ASLR protection mechanism, to redirect users to arbitrary web sites, to gain privileges, to bypass a cross-site scripting (XSS) protection mechanism. Affected Software/OS: - Microsoft Edge on Microsoft Windows 10 x32/x64 - Microsoft Windows 10 Version 1511 x32/x64 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6139 Microsoft Security Bulletin: MS15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 Microsoft Security Bulletin: MS15-125 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 Common Vulnerability Exposure (CVE) ID: CVE-2015-6140 Common Vulnerability Exposure (CVE) ID: CVE-2015-6142 http://www.zerodayinitiative.com/advisories/ZDI-15-587 Common Vulnerability Exposure (CVE) ID: CVE-2015-6148 http://www.zerodayinitiative.com/advisories/ZDI-15-588 Common Vulnerability Exposure (CVE) ID: CVE-2015-6151 http://www.zerodayinitiative.com/advisories/ZDI-15-599 Common Vulnerability Exposure (CVE) ID: CVE-2015-6153 Common Vulnerability Exposure (CVE) ID: CVE-2015-6154 Common Vulnerability Exposure (CVE) ID: CVE-2015-6155 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1212 Common Vulnerability Exposure (CVE) ID: CVE-2015-6158 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1214 Common Vulnerability Exposure (CVE) ID: CVE-2015-6159 http://www.zerodayinitiative.com/advisories/ZDI-15-645 Common Vulnerability Exposure (CVE) ID: CVE-2015-6161 Common Vulnerability Exposure (CVE) ID: CVE-2015-6168 https://www.exploit-db.com/exploits/40878/ http://seclists.org/fulldisclosure/2016/Dec/4 http://blog.skylined.nl/20161201001.html http://www.zerodayinitiative.com/advisories/ZDI-15-583 Common Vulnerability Exposure (CVE) ID: CVE-2015-6169 Common Vulnerability Exposure (CVE) ID: CVE-2015-6170 Common Vulnerability Exposure (CVE) ID: CVE-2015-6176
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.