Vulnerability Details : CVE-2017-8642
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.
Vulnerability category: Cross site scripting (XSS)Gain privilege
Products affected by CVE-2017-8642
- cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8642
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8642
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2017-8642
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8642
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642
CVE-2017-8642 | Microsoft Edge Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/100046
Microsoft Edge CVE-2017-8642 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039101
Microsoft Edge Multiple Bugs Let Remote Users Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to