Out-of-bounds Write (CWE-787)
Microsoft Edge (HTML-based) Memory Corruption Vulnerability. This is a network-based vulnerability with low attack complexity, requiring user interaction. It has low impact on confidentiality, integrity, and availability.
This vulnerability could allow an attacker to exploit memory corruption in Microsoft Edge (HTML-based). If successful, it could lead to low-level impacts on the confidentiality, integrity, and availability of the affected system. The attack requires user interaction, likely involving convincing a user to visit a malicious website or interact with malicious content.
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
A patch is available. Microsoft has released an official fix for this vulnerability.
1. Apply the official patch released by Microsoft as soon as possible. 2. Educate users about the risks of clicking on untrusted links or visiting suspicious websites. 3. Consider implementing network security measures to detect and block potential exploit attempts. 4. Keep Microsoft Edge and all other software up-to-date with the latest security patches. 5. Use browser security features and extensions that can help prevent malicious scripts from running.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Feedly found the first article mentioning CVE-2024-38207. See article
Feedly estimated the CVSS score as HIGH