Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Internet Explorer 10 and 11 are vulnerable.
Information
Bugtraq ID: 96088
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-0037
Remote: Yes
Local: No
Published: Feb 23 2017 12:00AM
Updated: Sep 28 2017 04:00PM
Credit: Ivan Fratric working with Google Project Zero.
Vulnerable:
Microsoft Internet Explorer 11
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 8.1 for 32-bit Systems 0
+ Microsoft Windows 8.1 for x64-based Systems 0
+ Microsoft Windows Rt 8.1 -
+ Microsoft Windows Server 2016
+ Microsoft Windows Server 2008 R2 for Itanium-based Systems SP2
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2012 R2 0
Microsoft Internet Explorer 10
+ Microsoft Windows 7 for 32-bit Systems SP1
+ Microsoft Windows 7 for x64-based Systems SP1
+ Microsoft Windows 8 for 32-bit Systems 0
+ Microsoft Windows 8 for x64-based Systems 0
+ Microsoft Windows RT 0
+ Microsoft Windows Server 2008 R2 for x64-based Systems SP1
+ Microsoft Windows Server 2012 0
Microsoft Edge 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows Server 2016 for x64-based Systems 0
Not Vulnerable:
Exploit
This vulnerability is being exploited through the Disdain exploit kit.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.