CVE-2017-8642

MEDIUM

Microsoft Edge - XSS

Title source: rule

Description

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100046

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039101

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642

Scores

CVSS v3 6.1

EPSS 0.0090

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

microsoft/edge

Microsoft Corporation/Microsoft Edge < Microsoft Windows 10 1703.

Published Aug 08, 2017

Tracked Since Feb 18, 2026