CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-107 | Cumulative Security Update for Microsoft Edge (3096448) | Windows 10 | Important | 14-10-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge.
Detailed Information on the risk:
A cross-site scripting (XSS) filter bypass exists in the way that Microsoft Edge disables an HTML attribute in otherwise appropriately filtered HTTP response data. The bypass could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.
An attacker could post on a website specially crafted content that is designed to exploit this bypass. The attacker would then have to convince the user to view the content on the affected website. If the user then browses to the website, the XSS filter disables HTML attributes in the specially crafted content, creating a condition that could allow malicious script to run in the wrong security context, leading to information disclosure.
Further information on this exploit is available at: MS15-107
Affected Software
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems