Spoofing Vulnerability in Microsoft Browsers on Windows Platforms
CVE-2017-8602

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows 7 Sp1, Windows Server 2008 R2 Sp1, Windows 8.1 And Windows Rt 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, And 1703, And Windows Server 2016
Vendor
CVE Published:
11 July 2017

Summary

A spoofing vulnerability exists in Microsoft browsers, which arises from the improper parsing of HTTP content. An attacker exploiting this vulnerability could potentially deceive users by altering the presentation of web content, misleading them regarding the legitimacy of a site. This impact can result in unauthorized actions being taken on behalf of the users, making it crucial for organizations to ensure that they are using patched versions of affected Windows systems.

Affected Version(s)

Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Microsoft IE 11 and Edge

References

http://www.securitytracker.com/id/1038860
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99390
vdb-entryx_refsource_BID

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.