CVE-2017-8597 — Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200 — Sensitive Information Exposure8 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

12.8%

top 5.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Edge Microsoft Windows 10 Msrc Microsoft Edge ON Windows 10 Version 1703 FOR 32-bit Systems +1 more

Timeline

PublishedSep 13

Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶msrcmsrc/microsoft_edge_on_windows_10_version_1703_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1703_for_x64-based_systems

▶CVEListV5microsoft_corporation/microsoft_edgeMicrosoft Windows Version 1703

▶NVDmicrosoft/windows_101703

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x74-x3h9-92gq: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during use↗2022-05-17

▶

GHSA

GHSA-rmmj-4293-7765: Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that↗2022-05-17

▶

GHSA

GHSA-5ppg-f9j6-6f59: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way t↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶