AnsweredAssumed Answered

edgehtml.dll on windows server 2016

Question asked by Tim Cools on May 2, 2019
Latest reply on May 2, 2019 by derekv

Hello ,

 

I have a question about edgehtml.dll (QID: 91521)
Edge is not installed on win servers but the engine is present (edgehtml.dll)
This generates sev 4 vulnerabilities.
I suppose the engine is there for a reason but the vulnerabilities speak about opening a website....

For example: 
A security feature bypass vulnerability exists when Microsoft Edge could allow a remote
attacker to bypass security restrictions, caused by improper handling of flash objects by the
Click2Play protection. By persuading a victim to visit a specially-crafted website, an attacker
could exploit this vulnerability to bypass the security feature. [CVE-2019-0612]

 

Can it be handled as a false positive? Anyone has more info about this one?

 

Thanks,

 

Tim

Outcomes