CVE-2017-0135

EPSS 7.7%

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 7.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mar 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

Produtos afetados

Microsoft Corporation · Edge

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135 https://www.freebuf.com/articles/web/164871.html http://www.securityfocus.com/bid/96656 http://www.securitytracker.com/id/1038006