CVE-2017-0154Injection in Corporation Internet Explorer

CWE-74Injection11 documents6 sources
Severity
4.4MEDIUMNVD
EPSS
1.0%
top 23.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation Internet ExplorerMicrosoft Internet Explorer
Timeline
PublishedMar 17
Latest updateMay 17

Description

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5microsoft_corporation/internet_explorerInternet Explorer 11 in Windows 10, 1511, 1606, and Windows Server 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-3cfq-pxwf-wqwq: Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to acc2022-05-17
CVEList
CVE-2017-0154: Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to acc2017-03-17

📋Vendor Advisories

1
Microsoft
Internet Explorer Elevation of Privilege Vulnerability2017-03-14

🕵️Threat Intelligence

7
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
CVE-2017-0154 — Injection | cvebase