PT-2017-18502 · Microsoft · Internet Explorer+3
Published
2017-09-12
·
Updated
2017-09-21
·
CVE-2017-8736
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Internet Explorer in Microsoft Windows versions prior to the fixed version
Microsoft Edge and Internet Explorer in Windows 10 versions prior to the fixed version
Microsoft Edge and Internet Explorer in Windows Server 2016 versions prior to the fixed version
Description
An information disclosure issue exists in Microsoft browsers due to improper parent domain verification in certain functionality. This allows an attacker to obtain specific information used in the parent domain.
Recommendations
For Internet Explorer in Microsoft Windows, update to a version that includes the fix for this issue.
For Microsoft Edge and Internet Explorer in Windows 10, update to a version that includes the fix for this issue.
For Microsoft Edge and Internet Explorer in Windows Server 2016, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive information in the parent domain until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edge
Internet Explorer
Windows 10
Windows Server 2016