Information disclosure in Microsoft Edge - CVE-2017-8662
Published: August 8, 2017 / Updated: August 8, 2017
Vulnerability identifier: #VU7719
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8662
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Edge
Microsoft Edge
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper validation of strings in specific scenarios by Microsoft Edge. A remote attacker can run an affected application, gain access to arbitrary files and bypass Address Space Layout Randomization (ASLR).
Successful exploitation of the vulnerability may result in further attacks.
The weakness exists due to improper validation of strings in specific scenarios by Microsoft Edge. A remote attacker can run an affected application, gain access to arbitrary files and bypass Address Space Layout Randomization (ASLR).
Successful exploitation of the vulnerability may result in further attacks.
How to mitigate CVE-2017-8662
Install updates from vendor's website.