CVE-2017-8523

Опубликовано: 15 июн. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.

Ссылки

http://www.securityfocus.com/bid/98928
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98928
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.01022

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-346

Связанные уязвимости

CVE-2017-8523

CVSS3: 4.3

msrc

около 8 лет назад

Microsoft Edge Security Feature Bypass Vulnerability

GHSA-598f-j5f9-2ggg

CVSS3: 4.3

github

около 3 лет назад

EPSS

Процентиль: 76%

0.01022

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-346