CVE-2017-0011 — Sensitive Information Exposure in Corporation Browser
Severity
6.1MEDIUMNVD
NVD4.3CNA4.3VulnCheck4.3
EPSS
8.4%
top 7.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateMay 17
Description
Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages3 packages
Patches
🔴Vulnerability Details
11GHSA▶
GHSA-qh2j-hcp8-r23w: The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive informa↗2022-05-17
GHSA▶
GHSA-53gv-m53j-xw4v: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Micro↗2022-05-17
GHSA▶
GHSA-322g-5x7j-7fgm: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerabilit↗2022-05-17
GHSA▶
GHSA-33q8-hj9q-xc35: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Info↗2022-05-17
GHSA▶
GHSA-m792-56jx-j3hj: Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information↗2022-05-17
📋Vendor Advisories
1🕵️Threat Intelligence
7💬Community
1Bugzilla
▶