Vulnerability Details : CVE-2017-8736
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".
Vulnerability category: Information leak
Products affected by CVE-2017-8736
- cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*When used together with: Microsoft » Windows 8.1When used together with: Microsoft » Windows Rt 8.1
- cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2016
Exploit prediction scoring system (EPSS) score for CVE-2017-8736
1.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8736
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2017-8736
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8736
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736
CVE-2017-8736 | Microsoft Browser Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/100743
Microsoft Internet Explorer and Edge CVE-2017-8736 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039342
Microsoft Edge Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039343
Microsoft Internet Explorer Multiple Flaws Let Remote Users Obtain Potentially Sensitive Cross-Domain Information and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
Jump to