ID MS:CVE-2017-0203
Type mscve
Reporter Microsoft
Modified 2017-04-11T07:00:00


A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could use this vulnerability to trick a user into loading a web page with malicious content.

To exploit the vulnerability, an attacker must either trick a user into loading a web page or visit a website. The web page could also be injected into a compromised website or ad network.

The security update addresses the vulnerability by correcting how the CSP validates documents.