CVE-2017-0231 — Improper Input Validation in Corporation Microsoft Browsers

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

8.5%

top 7.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Browsers Microsoft Internet Explorer

Timeline

PublishedMay 12

Latest updateMay 17

Description

A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5microsoft_corporation/microsoft_browsersWindows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012 R2,Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, and Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016.

▶NVDmicrosoft/internet_explorer11

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2r45-cq2m-36wr: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability↗2022-05-17

▶

CVEList

CVE-2017-0231: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability↗2017-05-12

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Spoofing Vulnerability↗2017-05-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - May 2017↗2017-05-10

▶