CVE-2017-8592 — Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

29.4%

top 3.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer Microsoft Windows 10 Microsoft Windows Server 2008 +1 more

Timeline

PublishedJul 11

Latest updateMay 17

Description

Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶NVDmicrosoft/internet_explorer10, 11, 9+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j79g-9xqw-gjwm: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8↗2022-05-17

▶

CVEList

CVE-2017-8592: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8↗2017-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Security Feature Bypass Vulnerability↗2017-07-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - July 2017↗2017-07-11

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 07-11-2017↗

▶