Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 – Spoofing

• Exploit Database
• 37 阅读

• 作者： nu11secur1ty
  日期： 2023-04-10
• 类别：

  • local
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51359/

• ## Title: Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability
  ## Author: nu11secur1ty
  ## Date: 04.10.2023
  ## Vendor: https://developer.microsoft.com/en-us/
  ## Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
  ## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
  ## CVE ID: CVE-2023-24892
  
  ## Description:
  The Webview2 development platform is vulnerable to Spoofing attacks.
  The attacker can build a very malicious web app and spread it to the
  victim's networks.
  and when they open it this can be the last web app opening for them.
  
  STATUS: HIGH Vulnerability
  
  [+]Exploit:
  
  [href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892/PoC)
  
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892)
  
  ## Proof and Exploit:
  [href](https://streamable.com/uk7l2n)
  
  ## Time spend:
  03:00:00
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at
  https://packetstormsecurity.com/https://cve.mitre.org/index.html and
  https://www.exploit-db.com/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>