CVE-2017-0037

KEV

🔴 Łataj teraz

Typowe pomylenie typów w Internet Explorer i Edge umożliwia zdalne wykonanie kodu.

CVSS

8.1

EPSS

90.5%

Exploit

weaponized

Vendor

microsoft

Opis źródłowy (NVD)

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	8.1
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	90.5%
Opublikowano (NVD)	2017-02-26 23:59:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 13:49:42 UTC

Referencje

http://www.securityfocus.com/bid/96088 (secure@microsoft.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id/1037905 (secure@microsoft.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securitytracker.com/id/1037906 (secure@microsoft.com) [Broken Link, Third Party Advisory, VDB Entry]
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html (secure@microsoft.com) [Exploit, Third Party Advisory]
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 (secure@microsoft.com) [Exploit, Issue Tracking, Third Party Advisory]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 (secure@microsoft.com) [Patch, Vendor Advisory]
https://www.exploit-db.com/exploits/41454/ (secure@microsoft.com) [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/42354/ (secure@microsoft.com) [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/43125/ (secure@microsoft.com) [Exploit, Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]