Microsoft Bing Search Spoofing Vulnerability

ID MS:CVE-2020-1329
Type mscve
Reporter Microsoft
Modified 2020-06-09T07:00:00


A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website, when browsed using the app could spoof the URL and serve malicious content.

To exploit the vulnerability, the user must either browse a malicious website with Bing Search App or be redirected to it by the attacker.

The security update addresses the vulnerability by correcting how Microsoft Bing Search for Android displays the site URL.