CVE-2017-8523Origin Validation Error in Corporation Microsoft Edge

CWE-346Origin Validation ErrorCWE-20Improper Input Validation10 documents5 sources
Severity
5.4MEDIUMNVD
NVD4.3
EPSS
1.0%
top 22.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-h7v3-v3pv-r9pg: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Securi2022-05-17
GHSA
GHSA-3mf8-rh77-mhqx: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with2022-05-13
GHSA
GHSA-598f-j5f9-2ggg: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2017-06-13

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - June 20172017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys2017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update2017-06-13
CVE-2017-8523 — Origin Validation Error | cvebase