Vulnerability category: Windows
Vulnerability severity:
Vulnerability information
Microsoft Edge fails to enforce cross-domain policies with regard to about:blank. This could allow information from one domain to be injected into another, leading to elevation of privilege.
Microsoft has rated this advisory Important for Microsoft Edge on Windows 10 and Windows Server 2016.
The update resolves the vulnerability by assigning a unique origin to top-level windows that navigate to data URLs.
Impact
An attacker could host a website to exploit the vulnerability. It could also be exploited by providing crafted content to websites that accept user input.
Solution
Customers are advised to refer to Microsoft Security Bulletin MS17-001 for details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS17-001: Windows 10 for 32-bit Systems
MS17-001: Windows 10 for 64-bit Systems
MS17-001: Windows 10 Version 1511 for 32-bit Systems
MS17-001: Windows 10 Version 1511 for 64-bit Systems
MS17-001: Windows 10 Version 1607 for 32-bit