CVE-2017-8643Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200Sensitive Information Exposure10 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
11.4%
top 6.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft Corporation Microsoft EdgeMicrosoft Windows 10Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems+8 more
Timeline
PublishedSep 13
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages11 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-4x74-x3h9-92gq: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during use2022-05-17
GHSA
GHSA-rmmj-4293-7765: Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that2022-05-17
GHSA
GHSA-5ppg-f9j6-6f59: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way t2022-05-17

📋Vendor Advisories

1
Microsoft
Microsoft Edge Information Disclosure Vulnerability2017-09-12

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - September 20172017-09-12
CVE-2017-8643 — Sensitive Information Exposure | cvebase