CVE-2017-8754 — Improper Input Validation in Corporation Microsoft Edge

CWE-20 — Improper Input Validation6 documents4 sources

Severity

4.3MEDIUMNVD

NVD4.2

EPSS

5.1%

top 10.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Edge Msrc Microsoft Edge ON Windows 10 FOR 32-bit Systems Msrc Microsoft Edge ON Windows 10 FOR X64-based Systems +7 more

Timeline

PublishedSep 13

Latest updateMay 13

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages10 packages

▶msrcmsrc/microsoft_edge_on_windows_server_2016

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1703_for_32-bit_systems

▶msrcmsrc/microsoft_edge_on_windows_10_version_1511_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-7gmx-65wj-xqg2: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containi↗2022-05-13

▶

GHSA

GHSA-f7mc-5jcj-5grq: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containi↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Security Feature Bypass Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - September 2017↗2017-09-12

▶