Vulnerability CVE-2017-0140
Published: 2017-03-16   Modified: 2017-03-17

Description:
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Microsoft Edge Fetch API Arbitrary Header Setting
Yorick Koster
15.03.2017

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
4.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Microsoft -> EDGE 

 References:
http://www.securityfocus.com/bid/96653
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0140
Copyright 2024, cxsecurity.com

 

Back to Top