CVE-2017-0017: Sensitive Information Exposure in Corporation Browser

Severity
6.1 MEDIUM (NVD)
NVD 4.3 | CNA 4.3 | VulnCheck 4.3
EPSS
1.9%
top 16.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 17
Latest update: May 17

Description

The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

CVEListV5 | microsoft_corporation/edge | Edge, The RegEx class in the XSS filter in Microsoft Edge | +1
CVEListV5 | microsoft_corporation/browser | Internet Explorer 9 through 11 and Edge

Patches

🔴 Vulnerability Details (11)

GHSA
GHSA-qh2j-hcp8-r23w: The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive informa (2022-05-17)
GHSA
GHSA-53gv-m53j-xw4v: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Micro (2022-05-17)
GHSA
GHSA-322g-5x7j-7fgm: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerabilit (2022-05-17)
GHSA
GHSA-33q8-hj9q-xc35: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Info (2022-05-17)
GHSA
GHSA-m792-56jx-j3hj: Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information (2022-05-17)

📋 Vendor Advisories (1)

Microsoft
Microsoft Browser Information Disclosure Vulnerability (2017-03-14)

🕵️ Threat Intelligence (7)

Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins (2017-03-15)

💬 Community (1)

Bugzilla
CVE-2017-12156 CVE-2017-12157 moodle: Multiple vulnerabilities (2017-09-20)