8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Added: 08/01/2017
CVE: CVE-2017-0037
BID: 96088
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Microsoft Internet Explorer has two vulnerabilities in the way objects are handled in memory. The first, CVE-2017-0059, is an information disclosure vulnerability which can be used to detect information about the base heap address. The second vulnerability, CVE-2017-0037, is due to a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement
function in mshtml.dll
, which allows remote attackers to execute arbitrary code. The information disclosed by the first vulnerability can be used to improve the success rate of exploitation of the second vulnerability.
Apply the appropriate update referenced in Microsoft Security Bulletin MS17-006.
<https://www.exploit-db.com/exploits/42354/>
<https://redr2e.com/cve-to-exploit-cve-2017-0037-and-0059/>
<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0059>
<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0037>
Exploit works on Windows 7 x86-64 with Internet Explorer 11 build 11.0.37 and earlier.
Windows 7
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%