CVE-2017-8726Sensitive Information Exposure in Corporation Microsoft Edge

CWE-200Sensitive Information ExposureCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
10.5%
top 6.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft EdgeMsrc Microsoft Edge ON Windows 10 FOR 32-bit SystemsMsrc Microsoft Edge ON Windows 10 FOR X64-based Systems+7 more
Timeline
PublishedOct 13
Latest updateMay 17

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-m6cj-cjc9-rh2w: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edg2022-05-17
GHSA
GHSA-2rpx-x533-qfww: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability2017-10-10

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - October 20172017-10-10
CVE-2017-8726 — Sensitive Information Exposure | cvebase