Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-8512

Опубликовано: 24 окт. 2018
Источник: msrc
CVSS3: 4.2
EPSS Низкий

Описание

Microsoft Edge Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4462937
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4462937
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems
4462918
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems
4462918
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

N/A

EPSS

Процентиль: 75%
0.0095
Низкий

4.2 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-8512

CVSS3: 5.4
nvd
почти 7 лет назад

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

github логотип

GHSA-vhfw-vgr5-4gr8

CVSS3: 5.4
github
больше 3 лет назад

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

fstec логотип

BDU:2019-00073

CVSS3: 5.4
fstec
почти 7 лет назад

Уязвимость браузера Microsoft Edge, связанная с ошибками механизмов обработки запросов, позволяющая нарушить конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 75%
0.0095
Низкий

4.2 Medium

CVSS3