This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote host has a web browser installed that is affected by
The version of Microsoft Edge installed on the remote Windows host is
missing Cumulative Security Update 3096448. It is, therefore, affected
by multiple vulnerabilities :
- An information disclosure vulnerability exists due to
improper handling of objects in memory. A remote
attacker can exploit this, via a specially crafted
website, to disclose arbitrary memory content.
- A cross-site scripting filter bypass vulnerability
exists due to improper disabling of an HTML attribute in
otherwise appropriately filtered HTTP response data. A
remote attacker can exploit this vulnerability by
convincing a user to visit a website containing
specially crafted content, resulting in the execution of
arbitrary script code in the wrong security context.
See also :
Microsoft has released a set of patches for Windows 10.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false