CVE-2017-0202

Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."

Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer accede inadecuadamente a objetos en la memoria. La vulnerabilidad podría dañar la memoria de tal manera que un atacante podría ejecutar código arbitrario en el contexto del usuario actual, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability".

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for iexplore.exe process.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-09-09 CVE Reserved
2017-04-12 CVE Published
2024-04-24 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/97441	Third Party Advisory
http://www.securitytracker.com/id/1038238	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/41941	2024-08-05

URL	Date	SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202	2017-08-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"				11 Search vendor "Microsoft" for product "Internet Explorer" and version "11"		-		Affected