Описание
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain.
For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website.
This update addresses the vulnerability by denying permission to read the state of the object model, to which frames or windows on different domains should not have access.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | ||
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | ||
| Internet Explorer 10 on Windows Server 2012 | ||
| Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | ||
| Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | ||
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | ||
| Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
4.2 Medium
CVSS3
Связанные уязвимости
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
Уязвимость браузеров Microsoft Edge и Internet Explorer, связанная с ошибками реализации межфреймового взаимодействия, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
4.2 Medium
CVSS3