CVE-2017-8611 — Improper Input Validation in Microsoft Edge ON Windows 10 FOR 32-bit Systems

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

8.4%

top 7.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems Msrc Microsoft Edge ON Windows 10 Version 1511 FOR 32-bit Systems +6 more

Timeline

PublishedJul 11

Latest updateMay 17

Description

Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1703_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8grv-w5pp-554r: Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Spoofing Vulnerability↗2017-07-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - July 2017↗2017-07-11

▶