Описание
Internet Explorer Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Internet Explorer where the browser fails to properly restrict mixed content for specifically-crafted documents.
An attacker could trick a user into loading a page with malicious content. To exploit the vulnerability, an attacker would need to trick a user into loading a page or visiting a site. The page could also be injected into a compromised site or ad network.
The security update corrects how Microsoft Internet Explorer handles mixed content.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Уязвимость браузера Microsoft Edge, позволяющая нарушителю обойти существующие ограничения доступа
EPSS