cbcvebase.
CVE-2017-0068
published 2017-03-17

CVE-2017-0068: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information…

PriorityP275medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
15.18%
96.3th percentile
Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.

Affected

10 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationedge
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via a crafted web site targeting Microsoft Edge (EdgeHTML-based); monitor for suspicious Edge browser process memory access patterns or anomalous Edge renderer behavior when visiting attacker-controlled or compromised websites.
  • Attack vector is web-based; attacker hosts or compromises a website with specially crafted content — consider monitoring for user navigation to newly registered or low-reputation domains via Edge (EdgeHTML).
  • Root cause is improper handling of objects in memory by Microsoft Edge (EdgeHTML); patch verification should confirm KB4012606, KB4013198, or KB4013429 is applied.
  • ·Exploit status is confirmed as NOT publicly exploited and NOT publicly disclosed at time of advisory; exploitation is rated 'Less Likely' for the latest software release, reducing urgency but not eliminating risk.
  • ·This vulnerability is distinct from four related Microsoft Edge information disclosure CVEs (CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, CVE-2017-0065); detections or patches for those do not cover this CVE.

CVSS provenance

nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vulncheck4.3MEDIUM
vendor_msrc4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.