CVE-2017-8602
MEDIUMMicrosoft Edge and Internet Explorer - Spoofing via HTTP Content Parsing
Title source: llmDescription
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038860
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8602
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99390
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038859
Scores
CVSS v3
6.5
EPSS
0.2718
EPSS Percentile
96.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (3)
microsoft/edge
microsoft/internet_explorer
11
Microsoft Corporation/Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
Microsoft IE 11 and Edge
Published
Jul 11, 2017
Tracked Since
Feb 18, 2026