CVE-2017-0202

HIGH

Internet Explorer - Remote Code Execution via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0202. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a memory corruption vulnerability in Internet Explorer 11, specifically a type confusion issue leading to an out-of-bounds read in CStyleSheetArray::BuildListOfMatchedRules. The vulnerability can potentially be escalated to arbitrary code execution due to a subsequent write at an attacker-controlled address.

Description

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/41941

View Code ZIP pw:eip

This PoC exploits a memory corruption vulnerability in Internet Explorer 11, specifically a type confusion issue leading to an out-of-bounds read in CStyleSheetArray::BuildListOfMatchedRules. The vulnerability can potentially be escalated to arbitrary code execution due to a subsequent write at an attacker-controlled address.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Internet Explorer 11.576.14393.0 (Update Version 11.0.38)

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 11

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41941/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038238

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97441

Scores

CVSS v3 7.5

EPSS 0.6187

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (2)

microsoft/internet_explorer 11

Microsoft Corporation/Internet Explorer Internet Explorer 11

Published Apr 12, 2017

Tracked Since Feb 18, 2026