CVE-2017-0037 in Edgeinfo

Summary

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

09/09/2016

Disclosure

02/26/2017

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-704

Exploit

Download

CVSS

7.2

EPSS

0.90521

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-0037
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-0037
CVE Details	https://www.cvedetails.com/cve/CVE-2017-0037/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!