CVE-2017-8754

medium Microsoft
CVSS v3 Base Score
4.2
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
5.1%
Exploitation probability in 30 days
Top 10% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: September 13, 2017 (3166 days ago)
Last Modified: May 13, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.

CWE

CWE-20

Affected Products

microsoft edge

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 portal.msrc.microsoft.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com