CVE-2017-8498

Name of the Vulnerable Software and Affected Versions Microsoft Edge versions in Windows 10 1607 and 1703, and Windows Server 2016

Description The issue allows an attacker to read data not intended to be disclosed when Microsoft Edge permits JavaScript XML DOM objects to detect installed browser extensions. This could potentially be used to obtain information in an attempt to further compromise the affected system. The vulnerability does not allow an attacker to execute code or elevate a user's rights directly.

Recommendations For Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016, consider restricting access to JavaScript XML DOM objects to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.