CVE-2017-0059

MEDIUM KEV

Microsoft Internet Explorer - Information Disclosure

Title source: rule
STIX 2.1

Description

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

Exploits (3)

exploitdb WORKING POC VERIFIED
by mschenk · htmlremotewindows_x86
https://www.exploit-db.com/exploits/43125
exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/41661
exploitdb WORKING POC
by redr2e · htmlremotewindows_x86-64
https://www.exploit-db.com/exploits/42354

References (7)

Core 7
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96645
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43125/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41661/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42354/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038008

Scores

CVSS v3 4.3
EPSS 0.8364
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-03-28
VulnCheck KEV 2017-08-30
InTheWild.io 2017-08-17
ENISA EUVD EUVD-2017-0426
Status published
Products (4)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Microsoft Corporation/Internet Explorer Internet Explorer 9 through 11
Published Mar 17, 2017
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026