CVE-2017-0002

Name of the Vulnerable Software and Affected Versions Microsoft Edge (affected versions not specified)

Description The issue allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs. This is an elevation of privilege vulnerability that exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.