Vulnerability Details : CVE-2017-0231
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
Vulnerability category: Input validation
Products affected by CVE-2017-0231
- cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0231
0.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0231
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2017-0231
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-0231
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231
CVE-2017-0231 | Microsoft Browser Spoofing VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1038455
Microsoft Edge HTML Parsing Flaw Lets Remote Users Redirect the Target User's Browser to an Arbitrary Site to Conduct Spoofing Attacks - SecurityTracker
-
http://www.securityfocus.com/bid/98173
Microsoft Internet Explorer and Edge CVE-2017-0231 Spoofing VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038456
Microsoft Internet Explorer HTML Parsing Flaw Lets Remote Users Redirect the Target User's Browser to an Arbitrary Site to Conduct Spoofing Attacks - SecurityTracker
Jump to