CVE-2017-0068 — Sensitive Information Exposure in Corporation Browser
Severity
6.1MEDIUMNVD
NVD4.3CNA4.3VulnCheck4.3
EPSS
23.1%
top 4.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateMay 17
Description
Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages3 packages
Patches
🔴Vulnerability Details
11GHSA▶
GHSA-qh2j-hcp8-r23w: The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive informa↗2022-05-17
GHSA▶
GHSA-53gv-m53j-xw4v: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Micro↗2022-05-17
GHSA▶
GHSA-322g-5x7j-7fgm: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerabilit↗2022-05-17
GHSA▶
GHSA-33q8-hj9q-xc35: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Info↗2022-05-17
GHSA▶
GHSA-m792-56jx-j3hj: Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information↗2022-05-17