ID CVE-2017-0037
Summary Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 19-11-2017 - 02:29)
Impact:
Exploitability:
CWE CWE-704
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
msbulletin via4
  • bulletin_id MS17-006
    bulletin_url
    date 2017-03-14T00:00:00
    impact Remote Code Execution
    knowledgebase_id 4013073
    knowledgebase_url
    severity Critical
    title Cumulative Security Update for Internet Explorer
  • bulletin_id MS17-007
    bulletin_url
    date 2017-03-14T00:00:00
    impact Remote Code Execution
    knowledgebase_id 4013071
    knowledgebase_url
    severity Critical
    title Cumulative Security Update for Microsoft Edge
refmap via4
bid 96088
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037
exploit-db
  • 41454
  • 42354
  • 43125
misc
sectrack
  • 1037905
  • 1037906
saint via4
bid 96088
description Internet Explorer mshtml.dll Memory Corruption Vulnerability
id win_patch_ie_v11
title ie_mshtmldll_memory_corruption
type client
Last major update 19-11-2017 - 02:29
Published 26-02-2017 - 23:59
Last modified 19-11-2017 - 02:29
Back to Top