Main Vulnerability Database Vulnerabilities #VU9286

Security restrictions bypass in Microsoft Edge - CVE-2017-11863

Published: November 14, 2017

Vulnerability identifier: #VU9286

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-11863

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft Edge

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in Microsoft Edge due to improper validation of the malicious input by the Edge Content Security Policy (CSP). A remote attacker can bypass security restrictions and trick the victim into loading a page containing malicious content.

How to mitigate CVE-2017-11863

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863

Security restrictions bypass in Microsoft Edge - CVE-2017-11863

Detailed vulnerability description

How to mitigate CVE-2017-11863

Sources

Please verify you're human