CVE-2017-0135
Severity Score
4.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy para elementos HTML en otros navegadores de windows, vulnerabilidad tambiƩn conocida como "Microsoft Edge Security Feature Bypass Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0066 y CVE-2017-0140.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-09-09 CVE Reserved
- 2017-03-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96656 | Vdb Entry | |
| http://www.securitytracker.com/id/1038006 | Vdb Entry | |
| https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 | X_refsource_misc | |
| https://www.freebuf.com/articles/web/164871.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0135 | 2019-10-03 |
| URL | Date | SRC |
|---|