CVE-2017-0037 Detail Modified This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Current Description Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

View Analysis Description Analysis Description Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 8.1 HIGH Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 7.6 HIGH Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C) Weakness Enumeration CWE-ID CWE Name Source CWE-704 Incorrect Type Conversion or Cast NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 8 change records found show changes CVE Modified by MITRE 11/18/2017 9:29:00 PM Action Type Old Value New Value Added Reference https://www.exploit-db.com/exploits/43125/ [No Types Assigned]



CVE Modified by MITRE 8/31/2017 9:29:32 PM Action Type Old Value New Value Added Reference https://www.exploit-db.com/exploits/41454/ [No Types Assigned]



CVE Modified by MITRE 8/11/2017 9:29:01 PM Action Type Old Value New Value Added Reference https://www.exploit-db.com/exploits/42354/ [No Types Assigned]



CVE Modified by MITRE 7/17/2017 9:18:08 AM Action Type Old Value New Value Added Reference http://www.securitytracker.com/id/1037905 [No Types Assigned]



Added Reference http://www.securitytracker.com/id/1037906 [No Types Assigned]



CVE Modified by MITRE 4/03/2017 9:59:02 PM Action Type Old Value New Value Added Reference https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html [No Types Assigned]



CVE Modified by MITRE 3/17/2017 9:59:01 PM Action Type Old Value New Value Changed Description Microsoft Internet Explorer 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.



Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.



Added Reference https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 [No Types Assigned]



CVE Modified by MITRE 3/01/2017 9:59:02 PM Action Type Old Value New Value Added Reference http://www.securityfocus.com/bid/96088 [No Types Assigned]



Initial Analysis 2/27/2017 1:41:02 PM Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*



Added CVSS V2 (AV:N/AC:H/Au:N/C:C/I:C/A:C)



Added CVSS V3 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H



Added CWE CWE-704



Changed Reference Type https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 No Types Assigned



https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 Third Party Advisory, Issue Tracking, Exploit



Quick Info CVE Dictionary Entry:

CVE-2017-0037

NVD Published Date:

02/26/2017

NVD Last Modified:

11/18/2017

Source:

MITRE

