header-logo
Suggest Exploit
vendor:
Webview2
by:
nu11secur1ty
7.5
CVSS
HIGH
Spoofing
913
CWE
Product Name: Webview2
Affected Version From: 1.0.1661.34
Affected Version To: 1.0.1661.34
Patch Exists: NO
Related CWE: CVE-2023-24892
CPE: a:microsoft:webview2:1.0.1661.34
Metasploit: https://www.rapid7.com/db/vulnerabilities/microsoft-edge-cve-2023-24892/
Other Scripts:
Platforms Tested:
2023

Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability

The Webview2 development platform is vulnerable to Spoofing attacks. The attacker can build a very malicious web app and spread it to the victim's networks. and when they open it this can be the last web app opening for them.

Mitigation:

The user should be aware of the malicious web apps and should not open them.
Source

Exploit-DB raw data:

## Title: Microsoft-Edge-(Chromium-based)-Webview2-1.0.1661.34-Spoofing-Vulnerability
## Author: nu11secur1ty
## Date: 04.10.2023
## Vendor: https://developer.microsoft.com/en-us/
## Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
## CVE ID: CVE-2023-24892

## Description:
The Webview2 development platform is vulnerable to Spoofing attacks.
The attacker can build a very malicious web app and spread it to the
victim's networks.
and when they open it this can be the last web app opening for them.

STATUS: HIGH Vulnerability

[+]Exploit:

[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892/PoC)


## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-24892)

## Proof and Exploit:
[href](https://streamable.com/uk7l2n)

## Time spend:
03:00:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Navigation

Suggest Exploit

Services By CQR