CVE-2017-0033Improper Input Validation in Corporation Browser

CWE-20Improper Input Validation21 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
10.3%
top 6.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Corporation BrowserMicrosoft Corporation BrowsersMicrosoft Corporation Edge+1 more
Timeline
PublishedMar 17
Latest updateMay 17

Description

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft_corporation/browserInternet Explorer 11 and Microsoft Edge
CVEListV5microsoft_corporation/browsersInternet Explorer 11 and Microsoft Edge

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

6
GHSA
GHSA-xrh4-xh5j-cjm2: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing2022-05-17
GHSA
GHSA-r538-cxj6-r3pj: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing2022-05-17
GHSA
GHSA-23g7-23q4-2x6g: Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability2022-05-17
CVEList
CVE-2017-0012: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing2017-03-17
CVEList
CVE-2017-0033: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing2017-03-17

💥Exploits & PoCs

4
Exploit-DB
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read2017-12-19
Exploit-DB
Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free2017-12-19
Exploit-DB
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD2017-12-19
Exploit-DB
Microsoft Internet Explorer 11.0.9600.18617 - 'CMarkup::DestroySplayTree' Memory Corruption2017-07-18

📋Vendor Advisories

1
Microsoft
Microsoft Browser Spoofing Vulnerability2017-03-14

🕵️Threat Intelligence

7
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
CVE-2017-0033 — Improper Input Validation | cvebase