CVE-2017-0154
https://notcve.org/view.php?id=CVE-2017-0154
Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka "Internet Explorer Elevation of Privilege Vulnerability."
• http://www.securityfocus.com/bid/96766
• http://www.securitytracker.com/id/1038008
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0154
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2017-0049
https://notcve.org/view.php?id=CVE-2017-0049
The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.
• http://www.securityfocus.com/bid/96095
• http://www.securitytracker.com/id/1038008
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0049
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0033
https://notcve.org/view.php?id=CVE-2017-0033
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.
• http://www.securityfocus.com/bid/96087
• http://www.securitytracker.com/id/1038006
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0033
• CWE-20: Improper Input Validation
CVE-2017-0008
https://notcve.org/view.php?id=CVE-2017-0008
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.
• http://www.securityfocus.com/bid/96073
• http://www.securitytracker.com/id/1038008
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0008
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0037 – Microsoft Edge and Internet Explorer Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement.
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
• https://www.exploit-db.com/exploits/41454
• https://www.exploit-db.com/exploits/43125
• https://www.exploit-db.com/exploits/42354
• https://github.com/chattopadhyaykittu/CVE-2017-0037
• http://www.securityfocus.com/bid/96088
• http://www.securitytracker.com/id/1037905
• http://www.securitytracker.com/id/1037906
• https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html
• https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
• https://portal.msrc.microsoft.com/en-US
• CWE-704: Incorrect Type Conversion or Cast