Here's the page we think you wanted. See search results instead:

Chat Live

Welcome

You are signed as:

My Profile
Logout

Please Confirm

Confirm your country to access relevant pricing, special offers, events, and contact information.

What are you looking for?

I'm looking for support Pro Oscilloscopes Handheld Spectrum Analyzers Compact Signal Generators Find a solution Get technical support Take a class Find us at events Premium used equipment KeysightCare Buy online

No product matches found - System Exception

Microsoft Internet Explorer and Edge Browser BlockSite Spoofing

Strike ID:

E17-30x01

CVSS:

4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

False Positive:

Variants:

Year:

2017

Description

This strike exploits a vulnerability that exists in the Microsoft Internet Explorer and Edge Browsers. If a request to a URL is made, a check to ensure that the page is not a security error page is performed, and if it is, the BlockedSite warning page will be called. A malicious attacker can utilize the ms-appx-web protocol and make a request to this warning page with his or her own data as parameters to spoof the information presented to the user when the page is displayed. This can lead to a social engineering attack.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0033

References

https://www.brokenbrowser.com/bypass-the-patch-to-keep-spoofing-the-address-bar-with-the-malware-warning/

Microsoft Internet Explorer and Edge Browser BlockSite Spoofing

Description

CVE

References

Bid