CVE-2017-0231
published 2017-05-12CVE-2017-0231: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
PriorityP420medium4.3CVSS 3.0
AVNACLPRNUIRSUCNILAN
EPSS
3.67%
88.3th percentile
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft_corporation | microsoft_browsers | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Browser Spoofing Vulnerability
vendor_msrc·2017-05-09·CVSS 4.3
CVE-2017-0231 [MEDIUM] Microsoft Browser Spoofing Vulnerability
Microsoft Browser Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could then either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.
To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.
In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. Howe
GHSA
GHSA-2r45-cq2m-36wr: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability
ghsa_unreviewed·2022-05-17
CVE-2017-0231 [MEDIUM] CWE-20 GHSA-2r45-cq2m-36wr: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/98173http://www.securitytracker.com/id/1038455http://www.securitytracker.com/id/1038456https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231http://www.securityfocus.com/bid/98173http://www.securitytracker.com/id/1038455http://www.securitytracker.com/id/1038456https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231
2017-05-12
Published