Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8736: Microsoft Browser Information Disclosure Vulnerability

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 09/12/2017
Created: 07/25/2018
Added: 09/12/2017
Modified: 11/18/2021

Description

An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. To exploit the vulnerability, an attacker must have access to host malicious content on a website that is on a subdomain of the parent domain, and then convince a user to visit the site. The security update addresses the vulnerability by helping to ensure that Microsoft browsers restrict access to certain functionality between the subdomain and the parent domain.

Solution(s)

  • msft-kb4036586-100d820a-34d2-4f62-ad61-872e2cbd7c4f
  • msft-kb4036586-1ee57033-1eba-47b8-b547-e9dfdc6a2127
  • msft-kb4036586-2bc93031-8f87-4d78-9446-65c0ea8a882b
  • msft-kb4036586-37862454-020d-4287-83fb-7b61731cde8c
  • msft-kb4036586-3bd3cfc2-d9b7-4999-8748-918cb2cedc65
  • msft-kb4036586-41e01fa9-a8e9-4ef5-b338-474523360c20
  • msft-kb4036586-60c44d4c-3843-404c-8e6d-fe65a1fa430d
  • msft-kb4036586-81774433-674c-4eef-9622-9a06d7fd18b2
  • msft-kb4036586-8213f752-b625-42dc-90a7-ca9c59056875
  • msft-kb4036586-900ceb5b-e8eb-44b5-ac8e-dd449724c7d0
  • msft-kb4036586-d16e1f54-0d9a-4d3e-b522-0dc18c7373de
  • msft-kb4036586-dcf4e654-a636-4d3d-808c-8bc58e047e3d
  • msft-kb4036586-e5cf852b-0b30-4330-adea-d30604db1ec7
  • msft-kb4036586-ee50f271-ac3a-4b80-b6d5-e08c024976ec
  • msft-kb4038781-543bcc38-5dd5-4468-ba64-42b448b2f723
  • msft-kb4038781-723a8a89-df76-45ca-8a16-9801e28fd75b
  • msft-kb4038782-397ff69f-657f-4029-9329-b2c00bd6a6a8
  • msft-kb4038782-e895239d-88ad-4ac3-b68f-8abb6b489d19
  • msft-kb4038782-e8a8e193-de5d-413d-990a-76d355b5fb5e
  • msft-kb4038783-7e41eb51-d66a-484f-a0d0-391ac07541b4
  • msft-kb4038783-cd8e051c-b8c6-40df-871b-909087f49cd6
  • msft-kb4038788-c74d6456-695e-4f07-a9b9-35e07259012b
  • msft-kb4038788-da917577-591c-4e7d-8ff0-4ef45f3c203f
