CVE-2018-0771Corporation Microsoft Edge vulnerability

9 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
11.2%
top 6.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Corporation Microsoft Edge
Timeline
PublishedFeb 15
Latest updateMay 13

Description

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5microsoft_corporation/microsoft_edgeMicrosoft Windows 10 1607, 1703, and Windows Server 2016.

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-8r7w-vjq3-4mh6: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin2022-05-13
CVEList
CVE-2018-0771: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin2018-02-15

📋Vendor Advisories

1
Microsoft
Microsoft Edge Security Feature Bypass Vulnerability2018-02-13

🕵️Threat Intelligence

5
Trendmicro
February Patch Tuesday Fixes Privilege Escalation Bugs2018-02-14
Trendmicro
February Patch Tuesday Fixes Privilege Escalation Bugs2018-02-14
Trendmicro
February Patch Tuesday Fixes Privilege Escalation Bugs2018-02-14
Trendmicro
February Patch Tuesday Fixes Privilege Escalation Bugs2018-02-14
Trendmicro
February Patch Tuesday Fixes Privilege Escalation Bugs2018-02-14
CVE-2018-0771 — MEDIUM severity | cvebase