CVE-2017-11833
low
CVSS v3
3.1
CVSS v2
2.6
VIR risk
3.1
Description
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844.
Predictions
Exploit likelihood
42%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | not-affected | | |
| windows | 1511 | not-affected | |
| windows | 1607 | not-affected | |
| windows | 1703 | not-affected | |
| windows | 1709 | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | edge | | |
References
- http://www.securityfocus.com/bid/101706
- http://www.securitytracker.com/id/1039797
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833
- http://www.securityfocus.com/bid/101706
- http://www.securitytracker.com/id/1039797
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.