Microsoft Edge Security Feature Bypass in Windows 10 and Windows Server
CVE-2017-8599

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows 10 Gold, 1511, 1607, And 1703, And Windows Server 2016
Vendor
CVE Published:
11 July 2017

Summary

A vulnerability in Microsoft Edge allows an attacker to exploit a failure in the Content Security Policy (CSP) validation process. This weakness enables malicious actors to trick users into loading harmful web pages by delivering specially crafted documents. The issue affects various versions of Windows 10, including Gold, 1511, 1607, and 1703, as well as Windows Server 2016, posing a risk to system integrity and user trust.

Affected Version(s)

Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Edge CSP

References

https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038858
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99393
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.