Описание
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft Browser XSS Filter does not properly validate content under specific conditions. An attacker who exploited the vulnerability could run arbitrary JavaScript that could lead to an information disclosure.
In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes the user to the attacker's site.
The security update addresses the vulnerability by correcting how the Microsoft Browser XSS Filter validates content.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems | ||
| Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Internet Explorer 9 on Windows Vista Service Pack 2 | ||
| Internet Explorer 9 on Windows Vista x64 Edition Service Pack 2 | ||
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | ||
| Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Уязвимость браузеров Internet Explorer и Microsoft Edge, позволяющая нарушителю получить конфиденциальную информацию
EPSS
4.2 Medium
CVSS3