CVE-2017-11872Improper Input Validation in Corporation Microsoft Edge

CWE-20Improper Input Validation8 documents4 sources
Severity
6.5MEDIUMNVD
NVD6.1NVD3.1
EPSS
20.8%
top 4.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 Version 1607 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 Version 1607 FOR X64-based Systems+3 more
Timeline
PublishedNov 15
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-5qcr-3r6j-g5fp: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick2022-05-17
GHSA
GHSA-mpq3-wcg8-72j4: Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG)2022-05-13
GHSA
GHSA-7v23-c6x7-x7h2: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise b2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2017-11-14

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - November 20172017-11-14
CVE-2017-11872 — Improper Input Validation | cvebase