CVE-2017-11863Improper Input Validation in Corporation Microsoft Edge

CWE-20Improper Input Validation8 documents4 sources
Severity
6.5MEDIUMNVD
NVD6.1NVD3.1
EPSS
1.1%
top 21.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+9 more
Timeline
PublishedNov 15
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages12 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-5qcr-3r6j-g5fp: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick2022-05-17
GHSA
GHSA-mpq3-wcg8-72j4: Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG)2022-05-13
GHSA
GHSA-7v23-c6x7-x7h2: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise b2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2017-11-14

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - November 20172017-11-14
CVE-2017-11863 — Improper Input Validation | cvebase