Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-079
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Internet Explorer 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Internet Explorer 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Internet Explorer 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-3002",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3002"
},
{
"name": "CVE-2017-3001",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3001"
},
{
"name": "CVE-2017-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3003"
},
{
"name": "CVE-2017-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0012"
},
{
"name": "CVE-2017-0049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0049"
},
{
"name": "CVE-2017-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0018"
},
{
"name": "CVE-2017-2997",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2997"
},
{
"name": "CVE-2017-3000",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3000"
},
{
"name": "CVE-2017-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0009"
},
{
"name": "CVE-2017-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0154"
},
{
"name": "CVE-2017-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0040"
},
{
"name": "CVE-2017-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0008"
},
{
"name": "CVE-2017-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0059"
},
{
"name": "CVE-2017-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0033"
},
{
"name": "CVE-2017-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2998"
},
{
"name": "CVE-2017-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0037"
},
{
"name": "CVE-2017-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0149"
},
{
"name": "CVE-2017-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0130"
},
{
"name": "CVE-2017-2999",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2999"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-079",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS17-023 du 14 mars 2017",
"url": "https://technet.microsoft.com/fr-fr/library/security/MS17-023"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS17-006 du 14 mars 2017",
"url": "https://technet.microsoft.com/fr-fr/library/security/MS17-006"
}
]
}
CVE-2017-0008 (GCVE-0-2017-0008)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96073 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
Internet Explorer 9 through 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 9 through 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 9 through 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0008",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0009 (GCVE-0-2017-0009)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96077 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.security-assessment.com/files/document… | x_refsource_MISC |
| http://www.securitytracker.com/id/1038006 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Browser |
Affected:
Internet Explorer 9 through 11 and Edge
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf"
},
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Browser",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 9 through 11 and Edge"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "96077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf"
},
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 9 through 11 and Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96077"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009"
},
{
"name": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0009",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0012 (GCVE-0-2017-0012)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038006 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96085 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Browsers |
Affected:
Internet Explorer 11 and Microsoft Edge
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038006"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012"
},
{
"name": "96085",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96085"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Browsers",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 11 and Microsoft Edge"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038006"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012"
},
{
"name": "96085",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96085"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browsers",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 11 and Microsoft Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0012"
},
{
"name": "96085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96085"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0012",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0018 (GCVE-0-2017-0018)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96086 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
Internet Explorer 10 and 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018"
},
{
"name": "96086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96086"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 10 and 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018"
},
{
"name": "96086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96086"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 10 and 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018"
},
{
"name": "96086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96086"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0018",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0033 (GCVE-0-2017-0033)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96087 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038006 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Browser |
Affected:
Internet Explorer 11 and Microsoft Edge
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96087",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033"
},
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Browser",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 11 and Microsoft Edge"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "96087",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033"
},
{
"name": "1038006",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Browser",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 11 and Microsoft Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka \"Microsoft Browser Spoofing Vulnerability.\" This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96087"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033"
},
{
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0033",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0037 (GCVE-0-2017-0037)
Vulnerability from cvelistv5 – Published: 2017-02-26 23:30 – Updated: 2025-10-21 23:55
VLAI?
EPSS
Summary
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Severity ?
8.1 (High)
CWE
- Remote Code Execution
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
| https://0patch.blogspot.si/2017/03/0patching-anot… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96088 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/41454/ | exploitx_refsource_EXPLOIT-DB |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/43125/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1037905 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/42354/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1037906 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Browser |
Affected:
Internet Explorer 10 and 11 and Edge
|
Date Public ?
2017-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html"
},
{
"name": "96088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96088"
},
{
"name": "41454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41454/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037"
},
{
"name": "43125",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "1037905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037905"
},
{
"name": "42354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1037906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037906"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-0037",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T16:02:42.690788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:46.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-28T00:00:00.000Z",
"value": "CVE-2017-0037 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Internet Browser",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 10 and 11 and Edge"
}
]
}
],
"datePublic": "2017-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html"
},
{
"name": "96088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96088"
},
{
"name": "41454",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41454/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037"
},
{
"name": "43125",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "1037905",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037905"
},
{
"name": "42354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1037906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Browser",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 10 and 11 and Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011"
},
{
"name": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html"
},
{
"name": "96088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96088"
},
{
"name": "41454",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41454/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037"
},
{
"name": "43125",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "1037905",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037905"
},
{
"name": "42354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1037906",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0037",
"datePublished": "2017-02-26T23:30:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:46.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0040 (GCVE-0-2017-0040)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:47
VLAI?
EPSS
Summary
The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.security-assessment.com/files/document… | x_refsource_MISC |
| http://www.securityfocus.com/bid/96094 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
The scripting engine in Microsoft Internet Explorer 9 through 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf"
},
{
"name": "96094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96094"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "The scripting engine in Microsoft Internet Explorer 9 through 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf"
},
{
"name": "96094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96094"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "The scripting engine in Microsoft Internet Explorer 9 through 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf"
},
{
"name": "96094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96094"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0040",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:47:57.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0049 (GCVE-0-2017-0049)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
VLAI?
EPSS
Summary
The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96095 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
The VBScript engine in Microsoft Internet Explorer 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:17.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "The VBScript engine in Microsoft Internet Explorer 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "The VBScript engine in Microsoft Internet Explorer 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "96095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0049",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:55:17.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0059 (GCVE-0-2017-0059)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2025-10-21 23:55
VLAI?
EPSS
Summary
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.
Severity ?
4.3 (Medium)
CWE
- Information Disclosure
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96645 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/43125/ | exploitx_refsource_EXPLOIT-DB |
| https://www.exploit-db.com/exploits/41661/ | exploitx_refsource_EXPLOIT-DB |
| https://www.exploit-db.com/exploits/42354/ | exploitx_refsource_EXPLOIT-DB |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
Internet Explorer 9 through 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:17.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059"
},
{
"name": "96645",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96645"
},
{
"name": "43125",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "41661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41661/"
},
{
"name": "42354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-0059",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:10:02.608956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0059"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:45.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0059"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-28T00:00:00.000Z",
"value": "CVE-2017-0059 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Internet Explorer 9 through 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-18T10:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059"
},
{
"name": "96645",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96645"
},
{
"name": "43125",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "41661",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41661/"
},
{
"name": "42354",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Internet Explorer 9 through 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059"
},
{
"name": "96645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96645"
},
{
"name": "43125",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43125/"
},
{
"name": "41661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41661/"
},
{
"name": "42354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42354/"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0059",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:45.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0130 (GCVE-0-2017-0130)
Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
VLAI?
EPSS
Summary
The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0040.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/96647 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038008 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | Internet Explorer |
Affected:
The scripting engine in Microsoft Internet Explorer 9 through 11
|
Date Public ?
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:18.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96647",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96647"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Internet Explorer",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "The scripting engine in Microsoft Internet Explorer 9 through 11"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0040."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "96647",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96647"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130"
},
{
"name": "1038008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "The scripting engine in Microsoft Internet Explorer 9 through 11"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0040."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96647"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0130"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0130",
"datePublished": "2017-03-17T00:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:55:18.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…