CVE-2017-8599
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8599
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | not-affected | |
| windows | 1511 | not-affected | |
| windows | 1607 | not-affected | |
| windows | 1703 | not-affected | |
| windows | | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microsoft | edge | | |
References
- http://www.securityfocus.com/bid/99393
- http://www.securitytracker.com/id/1038858
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8599
CWEs
CWE-20