CVE-2017-8592

Published Jul 11, 2017

Last updated 7 years ago

Overview

Description: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References