CVE-2017-0210

CVSS 8.8 HIGHEPSS 19.5%● KEV

In short

Internet Explorer fails to properly enforce cross-domain security rules, allowing an attacker to steal information from one website and inject it into another. This can lead to unauthorized access to sensitive data or malicious modifications in your browser.

Technical detail

The vulnerability occurs due to improper enforcement of cross-domain policies in Internet Explorer, allowing Same-Origin Policy bypass. An attacker can craft a malicious webpage that, when visited by a target, reads data from another domain and injects it into the victim's context, resulting in information disclosure or privilege escalation within the browser's security model.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft Corporation · Internet Explorer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0210 http://www.securityfocus.com/bid/97512 http://www.securitytracker.com/id/1038238