CVE-2017-0002 — Microsoft Edge ON Windows 10 FOR 32-bit Systems vulnerability

9 documents6 sources

Severity

8.8HIGHNVD

EPSS

14.7%

top 5.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems Msrc Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems +4 more

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_for_x64-based_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

🔴Vulnerability Details

GHSA

GHSA-rr5r-hxx7-jmq7: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Internet Explorer Elevation of Privilege Vulnerability↗2017-01-10

▶

🕵️Threat Intelligence

Qualys

Microsoft Starts 2017 with Record Low Security Updates | Qualys↗2017-01-10

▶

Qualys

Microsoft Starts 2017 with Record Low Security Updates↗2017-01-10

▶

💬Community

Bugzilla

CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2017-10-09

▶

Bugzilla

CVE-2017-2576 CVE-2017-2578 moodle: Multiple security issues↗2017-01-20

▶

Bugzilla

CVE-2015-2155 tcpdump: force printer vulnerability↗2015-03-13

▶