<< Back
CVE Number Vulnerability Product Severity Date
MS15-107 Cumulative Security Update for Microsoft Edge (3096448) Windows 10 Important 14-10-2015

Technical Information

Brief overview of the risk:
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge.

Detailed Information on the risk:

A cross-site scripting (XSS) filter bypass exists in the way that Microsoft Edge disables an HTML attribute in otherwise appropriately filtered HTTP response data. The bypass could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.
An attacker could post on a website specially crafted content that is designed to exploit this bypass. The attacker would then have to convince the user to view the content on the affected website. If the user then browses to the website, the XSS filter disables HTML attributes in the specially crafted content, creating a condition that could allow malicious script to run in the wrong security context, leading to information disclosure.

Further information on this exploit is available at : MS15-107

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems

Affected Software

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems