CVE-2017-0037

Microsoft Edge and Internet Explorer Type Confusion Vulnerability

Severity Score

8.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

Microsoft Internet Explorer 10 y 11 y Microsoft Edge tienen un problema de tipo de confusión en la función Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement en mshtml.dll, que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una secuencia de token Cascading Style Sheets (CSS) manipulada y código JavaScript manipulado que opera en un elemento TH.

Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement.

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-09-09 CVE Reserved
2017-02-24 CVE Published
2022-03-28 Exploited in Wild
2022-03-28 First Exploit
2022-04-18 KEV Due Date
2024-08-05 CVE Updated
2024-09-10 EPSS Updated

CWE

CWE-704: Incorrect Type Conversion or Cast

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/bid/96088	Vdb Entry
http://www.securitytracker.com/id/1037905	Vdb Entry
http://www.securitytracker.com/id/1037906	Vdb Entry
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html	X_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/41454	2024-08-05
https://www.exploit-db.com/exploits/43125	2024-08-05
https://www.exploit-db.com/exploits/42354	2024-08-05
https://github.com/chattopadhyaykittu/CVE-2017-0037	2022-03-28
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Edge Search vendor "Microsoft" for product "Edge"				*		-		Affected
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				11 Search vendor "Microsoft" for product "Internet Explorer" and version "11"		-		Affected