Security bypass in Microsoft Edge - CVE-2017-8555

 


Published: June 13, 2017


Vulnerability identifier: #VU7048
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8555
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper input validation in the Edge Content Security Policy (CSP). A remote attacker can create a specially crafted website containing malicious content, trick the victim into loading it, and bypass security restrictions.

Successful exploitation of the vulnerability may result in access to the affected system.




How to mitigate CVE-2017-8555

Install the update from the vendor's website.
