CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS17-001 | Security Update for Microsoft Edge (3214288) | Microsoft Edge | Important | 11-01-2017 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in . This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using . An attacker who successfully exploited the vulnerability could elevate privileges in affected versions of .
Detailed Information on the risk:
An elevation of privilege vulnerability exists when does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of .
In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.Further information on this exploit is available at : MS17-001