Bing
Monthly
UI misrepresentation of critical information in Microsoft Bing Search for Android (versions below 33.3) enables unauthenticated network-based attackers to spoof content displayed to end users. The vulnerability (CWE-451) causes the application to render or present critical information-such as URLs, security indicators, or source attribution-in a misleading way, enabling deception attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the zero-privilege-required, low-complexity network vector makes it accessible to opportunistic attackers targeting users of the unpatched Android application.
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.2%.
UI misrepresentation of critical information in Microsoft Bing Search for Android (versions below 33.3) enables unauthenticated network-based attackers to spoof content displayed to end users. The vulnerability (CWE-451) causes the application to render or present critical information-such as URLs, security indicators, or source attribution-in a misleading way, enabling deception attacks. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the zero-privilege-required, low-complexity network vector makes it accessible to opportunistic attackers targeting users of the unpatched Android application.
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.2%.