Medium severity4.4NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2017-0154

Description

Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability."

Affected products

Microsoft/Internet Explorer2 versions
cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
- (no CPE)
Microsoft Corporation/Internet Explorerv5
Range: Internet Explorer 11 in Windows 10, 1511, 1606, and Windows Server 2016

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154nvdPatchVendor Advisory
www.securityfocus.com/bid/96766nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038008nvd

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000