CVE-2019-1356 — Sensitive Information Exposure in Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit Systems

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit Systems Microsoft Edge ON Windows 10 Version 1607 FOR X64-based Systems Microsoft Edge ON Windows 10 Version 1703 FOR 32-bit Systems +15 more

Timeline

PublishedOct 10

Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1607_for_x64-based_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1703_for_x64-based_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1709_for_x64-based_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1803_for_x64-based_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1809_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c7wp-jfrw-7jvc: An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based↗2022-05-24

▶

CVEList

CVE-2019-1356: An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based↗2019-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability↗2019-10-08

▶