Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8754: Microsoft Edge Security Feature Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2017-8754: Microsoft Edge Security Feature Bypass Vulnerability

Severity
4
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:N)
Published
09/12/2017
Created
07/25/2018
Added
09/12/2017
Modified
11/18/2021

Description

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The security update addresses the bypass by correcting how the Edge CSP validates documents.

Solution(s)

  • msft-kb4038781-543bcc38-5dd5-4468-ba64-42b448b2f723
  • msft-kb4038781-723a8a89-df76-45ca-8a16-9801e28fd75b
  • msft-kb4038782-397ff69f-657f-4029-9329-b2c00bd6a6a8
  • msft-kb4038782-e895239d-88ad-4ac3-b68f-8abb6b489d19
  • msft-kb4038782-e8a8e193-de5d-413d-990a-76d355b5fb5e
  • msft-kb4038783-7e41eb51-d66a-484f-a0d0-391ac07541b4
  • msft-kb4038783-cd8e051c-b8c6-40df-871b-909087f49cd6
  • msft-kb4038788-c74d6456-695e-4f07-a9b9-35e07259012b
  • msft-kb4038788-da917577-591c-4e7d-8ff0-4ef45f3c203f

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;