CVE-2017-8723Improper Input Validation in Corporation Microsoft Edge

CWE-20Improper Input Validation11 documents5 sources
Severity
4.3MEDIUMNVD
NVD4.2
EPSS
5.8%
top 9.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedSep 13
Latest updateMay 13

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-7gmx-65wj-xqg2: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containi2022-05-13
GHSA
GHSA-f7mc-5jcj-5grq: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containi2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2017-09-12

🕵️Threat Intelligence

6
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
Trendmicro
September Patch Tuesday Fixes MS Office Zero-Day2017-09-13
CVE-2017-8723 — Improper Input Validation | cvebase