Main Vulnerability Database Vulnerabilities #VU6473

Privilege escalation in Microsoft Edge - CVE-2017-0241

Published: May 9, 2017 / Updated: May 12, 2017

Vulnerability identifier: #VU6473

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-0241

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper rendering of domain-less page in the URL by Microsoft Edge. A remote attacker can create a specially crafted website, trick the victim into visiting it, gain elevated privileges, perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone.

Successful exploitation of the vulnerability results in arbitrary code execution.

How to mitigate CVE-2017-0241

Install update from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0241

Privilege escalation in Microsoft Edge - CVE-2017-0241

Detailed vulnerability description

How to mitigate CVE-2017-0241

Sources

Please verify you're human