Main Vulnerability Database Vulnerabilities #VU1159

Spoofing attack - CVE-2016-7209

Published: November 9, 2016

Vulnerability identifier: #VU1159

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7209

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

A remote attacker can perform a spoofing attack.

The vulnerability exists due to an error when parsing HTTP responses. A remote attacker can redirect a victim to a specially crafted web site and perform spoofing attack.

Successful exploitation of the vulnerability may allow an attacker to spoof website content.

Note: this vulnerability is publicly disclosed.

How to mitigate CVE-2016-7209

Windows 10 for 32-bit Systems:
https://support.microsoft.com/kb/3198585
Windows 10 for x64-based Systems:
https://support.microsoft.com/kb/3198585
Windows 10 Version 1511 for 32-bit Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1511 for x64-based Systems:
https://support.microsoft.com/kb/3198586
Windows 10 Version 1607 for 32-bit Systems:
https://support.microsoft.com/kb/3200970
Windows 10 Version 1607 for x64-based Systems:
https://support.microsoft.com/kb/3200970
Windows Server 2016 for x64-based Systems:
https://support.microsoft.com/kb/3200970

Sources

https://technet.microsoft.com/library/security/MS16-129

Spoofing attack - CVE-2016-7209

Detailed vulnerability description

How to mitigate CVE-2016-7209

Sources

Please verify you're human