Bird_banner_small4
Microsoft Edge CVE-2017-0010 Memory Corruption
TSL ID TSL20170314-31
CVE ID(s) CVE-2017-0010
Severity High
Description

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper use of objects in memory.

A remote attacker could exploit the vulnerability by enticing a user to open a maliciously crafted web page. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with the privileges of the browser.

The vendor, Microsoft, has published an advisory to address the issue:

https://technet.microsoft.com/en-us/library/security/MS17-007

Affected Products
  • Microsoft Edge .
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
Microsoft Security Bulletin
Related Threats