CVE-2017-8555

MEDIUM

Microsoft Edge - Improper Input Validation

Title source: rule

Description

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98956

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8555

Scores

CVSS v3 4.3

EPSS 0.0608

EPSS Percentile 90.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-20

Status published

Products (2)

microsoft/edge

Microsoft Corporation/Microsoft Edge < Microsoft Windows 10 1703.

Published Jun 15, 2017

Tracked Since Feb 18, 2026