CVE-2017-0064

Опубликовано: 09 мая 2017

Источник: msrc

CVSS3: 2.4

EPSS Средний

Описание

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings. This could allow for the loading of unsecure content (HTTP) from secure locations (HTTPS).

In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment.

The security update addresses the security feature bypass by correcting how Internet Explorer handles mixed content.

Обновления

Продукт	Статья	Обновление
Internet Explorer 11 on Windows Server 2016	4019472	Security Update
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems	4016871	Security Update
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems	4016871	Security Update
Internet Explorer 10 on Windows Server 2012	4019216 4018271	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows 8.1 for 32-bit systems	4019215 4018271	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows 8.1 for x64-based systems	4019215 4018271	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows Server 2012 R2	4019215 4018271	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows RT 8.1	4019215	-
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1	4019264 4018271	Monthly Rollup IE Cumulative
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1	4019264 4018271	Monthly Rollup IE Cumulative

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 96%

0.22416

Средний

2.4 Low

CVSS3

Связанные уязвимости

CVE-2017-0064

CVSS3: 6.5

nvd

около 8 лет назад

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."

GHSA-62jc-vgjw-3qjv