Описание
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.
To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network.
The security update addresses the bypass by correcting how the Edge CSP validates documents.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
EPSS
4.3 Medium
CVSS3