CVE-2017-8530Origin Validation Error in Corporation Microsoft Edge

CWE-346Origin Validation ErrorCWE-20Improper Input Validation10 documents5 sources
Severity
5.4MEDIUMNVD
NVD4.3
EPSS
0.6%
top 30.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-h7v3-v3pv-r9pg: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Securi2022-05-17
GHSA
GHSA-3mf8-rh77-mhqx: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with2022-05-13
GHSA
GHSA-598f-j5f9-2ggg: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2017-06-13

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - June 20172017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys2017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update2017-06-13
CVE-2017-8530 — Origin Validation Error | cvebase