ID CVE-2017-8754
Summary Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.
References
Vulnerable Configurations
  • Microsoft Edge
    cpe:2.3:a:microsoft:edge
  • Microsoft Windows 10 1703
    cpe:2.3:o:microsoft:windows_10:1703
  • Microsoft Windows Server 2016
    cpe:2.3:o:microsoft:windows_server_2016
  • cpe:2.3:o:microsoft:windows_10:1607
    cpe:2.3:o:microsoft:windows_10:1607
  • cpe:2.3:o:microsoft:windows_10:1511
    cpe:2.3:o:microsoft:windows_10:1511
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-254
CAPEC
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754
impact Security Feature Bypass
knowledgebase_SOURCE_FILE https://support.microsoft.com/help/4038788
knowledgebase_id 4038788
name Microsoft Edge
publishedDate 2017-09-12T07:00:00
severity Important
refmap via4
bid 100779
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754
sectrack 1039326
Last major update 12-09-2017 - 21:29
Published 12-09-2017 - 21:29
Last modified 18-09-2017 - 11:23
Back to Top