Описание
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.
To exploit the vulnerability, an attacker must have access to host malicious content on a website this is on a subdomain of the parent domain, and then convince a user to visit the site.
The security update addresses the vulnerability by helping to ensure that Microsoft browsers restrict access to certain functionality between the subdomain and the parent domain.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1511 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
2.4 Low
CVSS3
Связанные уязвимости
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".
EPSS
2.4 Low
CVSS3