CVE-2017-8602

EUVD-2017-17551
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoftedge
*
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4025338
1511 (x64, x86)
KB4025344
1607 (x64, x86)
KB4025339
1703 (x64, x86)
KB4025342
Windows 7
Service Pack 1 (x64, x86)
KB4025341
Windows 8.1
(x64, x86)
KB4025336
Windows RT 8.1
All
KB4025336
Windows Server 2008 R2
Service Pack 1 (x64)
KB4025341
Windows Server 2012 R2
Standard
KB4025336
Windows Server 2016
Standard
KB4025339
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99390
http://www.securitytracker.com/id/1038859
http://www.securitytracker.com/id/1038860
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8602
http://www.securityfocus.com/bid/99390
http://www.securitytracker.com/id/1038859
http://www.securitytracker.com/id/1038860
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8602