CVE-2017-0154

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 4.4

CVSS2: 5.8

EPSS Низкий

Описание

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/96766
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038008
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96766
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038008
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01348

Низкий

4.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2017-0154

CVSS3: 5.4

msrc

больше 8 лет назад

Internet Explorer Elevation of Privilege Vulnerability

GHSA-3cfq-pxwf-wqwq