Main Vulnerability Database Vulnerabilities #VU9286

#VU9286 Security restrictions bypass in Microsoft Edge - CVE-2017-11863

Published: November 14, 2017

Vulnerability identifier: #VU9286

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-11863

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Edge

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in Microsoft Edge due to improper validation of the malicious input by the Edge Content Security Policy (CSP). A remote attacker can bypass security restrictions and trick the victim into loading a page containing malicious content.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863

#VU9286 Security restrictions bypass in Microsoft Edge - CVE-2017-11863

Description

Remediation

External links

Please verify you're human