CVE-2017-8602 — Improper Input Validation in Microsoft Internet Explorer

CWE-20 — Improper Input Validation6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

27.2%

top 3.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedJul 11

Latest updateMay 17

Description

Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer11

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cp54-fjgm-8hr7: Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8↗2022-05-17

▶

CVEList

CVE-2017-8602: Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8↗2017-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Spoofing Vulnerability↗2017-07-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - July 2017↗2017-07-11

▶

💬Community

Bugzilla

CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5↗2016-10-12

▶