CVE-2017-0059

MEDIUM KEV

Internet Explorer 9-11 - Information Disclosure via Crafted Web Site


Exploitation Summary

CVE-2017-0059 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022. EIP tracks 3 public exploits from researchers including mschenk, Google Security Research, and redr2e.

AI-analyzed exploit summary: This exploit leverages a memory corruption vulnerability in Internet Explorer (CVE-2017-0059) to achieve remote code execution. It uses heap spraying, ROP chains, and shellcode execution to bypass DEP and execute arbitrary code (e.g., calc.exe).

Description

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

Exploits (3)

exploitdb WORKING POC VERIFIED
by mschenk · html · remote · windows_x86
https://www.exploit-db.com/exploits/43125

This exploit leverages a memory corruption vulnerability in Internet Explorer (CVE-2017-0059) to achieve remote code execution. It uses heap spraying, ROP chains, and shellcode execution to bypass DEP and execute arbitrary code (e.g., calc.exe).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Internet Explorer (versions prior to the patch for CVE-2017-0059)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Google Security Research · html · dos · windows
https://www.exploit-db.com/exploits/41661

This PoC demonstrates a use-after-free vulnerability in Internet Explorer 11, specifically targeting the textarea element's text value. The exploit triggers memory corruption by manipulating the textarea's defaultValue after freeing its memory, leading to potential information disclosure or further exploitation.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Internet Explorer 11.0.9600.18537 (update version 11.0.38)
No auth needed
Prerequisites: Internet Explorer 11 with specific update version · JavaScript execution context
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by redr2e · html · remote · windows_x86-64
https://www.exploit-db.com/exploits/42354

This exploit leverages a memory corruption vulnerability in Internet Explorer (CVE-2017-0059) to achieve remote code execution via a crafted HTML page. It uses heap spraying and ROP chains to bypass DEP and execute shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Internet Explorer (versions up to 11)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96645
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43125/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41661/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42354/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038008

Scores

CVSS v3 4.3
EPSS 0.6197
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-03-28
VulnCheck KEV 2017-08-30
InTheWild.io 2017-08-17
ENISA EUVD EUVD-2017-0426
Status published
Products (4)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Microsoft Corporation/Internet Explorer Internet Explorer 9 through 11
Published Mar 17, 2017
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026