Vulnerabilities > CVE-2017-0135 - Unspecified vulnerability in Microsoft Edge
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS17-007.NASL |
| description | The version of Microsoft Edge installed on the remote Windows host is missing Cumulative Security Update 4013071. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. Note that in order to be fully protected from CVE-2017-0071, Microsoft recommends the July 2017 security updates to be installed. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 97730 |
| published | 2017-03-14 |
| reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/97730 |
| title | MS17-007: Cumulative Security Update for Microsoft Edge (4013071) |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135
- http://www.securityfocus.com/bid/96656
- http://www.securitytracker.com/id/1038006
- https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
- https://www.freebuf.com/articles/web/164871.html