Home

CVE-2017-0002

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka Microsoft Edge Elevation of Privilege Vulnerability.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
14.732

Associated Vulnerability

VulnerabilityOS Platform
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3210721) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 Version 1511 (KB3210721) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows Server 2016 for x64-based Systems (KB3213986) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB3213986) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 Version 1607 (KB3213986) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 for x64-based Systems (KB3210720) - CumulativeWindows
Internet Explorer Elevation of Privilege Vulnerability for Windows 10 (KB3210720)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21967Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3210721)
PATCH-21966Cumulative Update for Windows 10 Version 1511 (KB3210721)
PATCH-21970Cumulative Update for Windows Server 2016 for x64-based Systems (KB3213986)
PATCH-21969Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3213986)
PATCH-21968Cumulative Update for Windows 10 Version 1607 (KB3213986)
PATCH-21965Cumulative Update for Windows 10 for x64-based Systems (KB3210720)
PATCH-21964Cumulative Update for Windows 10 (KB3210720)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234