Microsoft Internet Explorer and Edge CVE-2017-0037 Remote Memory Corruption Vulnerability



Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.

Internet Explorer 10 and 11 are vulnerable.

Information

Bugtraq ID: 96088
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-0037

Remote: Yes
Local: No
Published: Feb 23 2017 12:00AM
Updated: Sep 28 2017 04:00PM
Credit: Ivan Fratric working with Google Project Zero.
Vulnerable: Microsoft Internet Explorer 11
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Server 2016
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2012 R2 0
+ Microsoft Windows Server 2012 R2 0
+ Microsoft Windows Server 2012 R2 0
Microsoft Internet Explorer 10
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 8 for 32-bit Systems 0
+ Microsoft Windows 8 for x64-based Systems 0
+ Microsoft Windows RT 0
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2012 0
+ Microsoft Windows Server 2012 0
Microsoft Edge 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows Server 2016 for x64-based Systems 0


Not Vulnerable:

Exploit


This vulnerability is being exploited through the Disdain exploit kit.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts