CVE-2017-8650
published 2017-08-08CVE-2017-8650: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin…
PriorityP424medium5.4CVSS 3.0
AVNACLPRNUIRSUCLILAN
EPSS
1.46%
70.3th percentile
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | microsoft_edge | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1703_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
vendor_msrc5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability
vendor_msrc·2017-08-08·CVSS 5.4
CVE-2017-8650 [MEDIUM] Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These
GHSA
GHSA-gfwf-8pwx-5cj3: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-
ghsa_unreviewed·2022-05-13
CVE-2017-8650 [MEDIUM] CWE-346 GHSA-gfwf-8pwx-5cj3: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/100048http://www.securitytracker.com/id/1039101https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650http://www.securityfocus.com/bid/100048http://www.securitytracker.com/id/1039101https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650
2017-08-08
Published