Home

CVE-2017-0135

Description

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka Microsoft Edge Security Feature Bypass Vulnerability. This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
22.472

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Browser Spoofing Vulnerability for Windows Server 2016 for x64-based Systems (KB4013429) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4013429) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1607 (KB4013429) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 for x64-based Systems (KB4012606) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4013198) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1511 (KB4013198) - CumulativeWindows
Microsoft Browser Spoofing Vulnerability for Windows 10 (KB4012606)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-22054Cumulative Update for Windows Server 2016 for x64-based Systems (KB4013429)
PATCH-22053Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4013429)
PATCH-22052Cumulative Update for Windows 10 Version 1607 (KB4013429)
PATCH-22049Cumulative Update for Windows 10 for x64-based Systems (KB4012606)
PATCH-22051Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4013198)
PATCH-22050Cumulative Update for Windows 10 Version 1511 (KB4013198)
PATCH-22048Cumulative Update for Windows 10 (KB4012606)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234