Medium severity4.3NVD Advisory· Published Jun 15, 2017· Updated May 13, 2026

CVE-2017-8498

Description

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.

Affected products

Microsoft Corporation/Microsoft Edgev5
Range: Microsoft Windows 10 1607 and 1703, and Windows Server 2016.
Microsoft/Edge
cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498nvdPatchVendor Advisory
www.securityfocus.com/bid/98886nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000