CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

CVSS v3 8.1 HIGH
CVSS v2.0 7.6 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/96088	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037905	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037906	Broken Link Third Party Advisory VDB Entry
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html	Exploit Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011	Exploit Issue Tracking Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037	Patch Vendor Advisory
https://www.exploit-db.com/exploits/41454/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42354/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43125/	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96088	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037905	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037906	Broken Link Third Party Advisory VDB Entry
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html	Exploit Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011	Exploit Issue Tracking Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037	Patch Vendor Advisory
https://www.exploit-db.com/exploits/41454/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42354/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43125/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

History

21 Nov 2024, 03:02

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/96088 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/96088 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037905 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1037905 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037906 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1037906 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html - Exploit, Third Party Advisory~~	() https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html - Exploit, Third Party Advisory
References	~~() https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 - Exploit, Issue Tracking, Third Party Advisory~~	() https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 - Patch, Vendor Advisory~~	() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 - Patch, Vendor Advisory
References	~~() https://www.exploit-db.com/exploits/41454/ - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/41454/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/42354/ - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/42354/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/43125/ - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/43125/ - Exploit, Third Party Advisory, VDB Entry

16 Jul 2024, 17:52

Type	Values Removed	Values Added
CWE	~~CWE-704~~	CWE-843
References	~~() http://www.securityfocus.com/bid/96088 -~~	() http://www.securityfocus.com/bid/96088 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037905 -~~	() http://www.securitytracker.com/id/1037905 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1037906 -~~	() http://www.securitytracker.com/id/1037906 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html -~~	() https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html - Exploit, Third Party Advisory
References	~~() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 -~~	() https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037 - Patch, Vendor Advisory
References	~~() https://www.exploit-db.com/exploits/41454/ -~~	() https://www.exploit-db.com/exploits/41454/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/42354/ -~~	() https://www.exploit-db.com/exploits/42354/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/43125/ -~~	() https://www.exploit-db.com/exploits/43125/ - Exploit, Third Party Advisory, VDB Entry
CPE	cpe:2.3:a:microsoft:internet_explorer:11:::::::*	cpe:2.3:o:microsoft:windows_10_1511:-:::::::* cpe:2.3:o:microsoft:windows_8.1:-:::::::* cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::* cpe:2.3:o:microsoft:windows_server_2016:-:::::::* cpe:2.3:o:microsoft:windows_server_2012:-:::::::* cpe:2.3:o:microsoft:windows_server_2012:r2:::::::* cpe:2.3:a:microsoft:internet_explorer:11:-:::::: cpe:2.3:o:microsoft:windows_10_1507:-:::::::* cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
First Time		Microsoft windows Server 2012 Microsoft windows 10 1507 Microsoft windows Server 2016 Microsoft windows 10 1511 Microsoft windows 10 1607 Microsoft windows Rt 8.1 Microsoft windows 8.1

Information

Published : 2017-02-26 23:59

Updated : 2025-04-20 01:37

NVD link : CVE-2017-0037

Mitre link : CVE-2017-0037

CVE.ORG link : CVE-2017-0037

JSON object : View

Products Affected

microsoft

windows_server_2016
windows_10_1607
edge
windows_10_1511
windows_8.1
windows_rt_8.1
internet_explorer
windows_10_1507
windows_server_2012

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

{"id": "CVE-2017-0037", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2017-02-26T23:59:00.150", "references": [{"url": "http://www.securityfocus.com/bid/96088", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1037905", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1037906", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html", "tags": ["Exploit", "Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://www.exploit-db.com/exploits/41454/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://www.exploit-db.com/exploits/42354/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://www.exploit-db.com/exploits/43125/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/96088", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037905", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037906", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/41454/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/42354/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/43125/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-843"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-843"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element."}, {"lang": "es", "value": "Microsoft Internet Explorer 10 y 11 y Microsoft Edge tienen un problema de tipo de confusi\u00f3n en la funci\u00f3n Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement en mshtml.dll, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran una secuencia de token Cascading Style Sheets (CSS) manipulada y c\u00f3digo JavaScript manipulado que opera en un elemento TH."}], "lastModified": "2025-04-20T01:37:25.860", "cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A8E9D99-BD78-4340-88F2-5AFF27AC37C9"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A8E9D99-BD78-4340-88F2-5AFF27AC37C9"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB"}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Edge and Internet Explorer Type Confusion Vulnerability"}

8.1 /10