CVE-2017-0009Sensitive Information Exposure in Corporation Browser

CWE-200Sensitive Information ExposureCWE-79Cross-site Scripting33 documents9 sources
Severity
6.1MEDIUMNVD
NVD4.3CNA4.3VulnCheck4.3
EPSS
10.6%
top 6.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Corporation BrowserMicrosoft Corporation EdgeMicrosoft Corporation Internet Explorer+1 more
Timeline
PublishedMar 17
Latest updateMay 17

Description

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft_corporation/internet_explorerInternet Explorer 9 through 11
CVEListV5microsoft_corporation/browserInternet Explorer 9 through 11 and Edge
CVEListV5microsoft_corporation/edgeEdge, The RegEx class in the XSS filter in Microsoft Edge+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

15
GHSA
GHSA-36pj-p9j3-7rr9: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter2022-05-17
GHSA
GHSA-qh2j-hcp8-r23w: The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive informa2022-05-17
GHSA
GHSA-53gv-m53j-xw4v: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Micro2022-05-17
GHSA
GHSA-h79h-p55m-548h: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter2022-05-17
GHSA
GHSA-322g-5x7j-7fgm: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerabilit2022-05-17

💥Exploits & PoCs

2
Exploit-DB
Dell EMC Isilon OneFS - Multiple Vulnerabilities2018-02-14
Exploit-DB
VMware Workstation 12 Pro - Denial of Service2017-06-08

📋Vendor Advisories

1
Microsoft
Microsoft Browser Information Disclosure Vulnerability2017-03-14

🕵️Threat Intelligence

7
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15

💬Community

1
Bugzilla
CVE-2017-2641 CVE-2017-2643 CVE-2017-2644 CVE-2017-2645 moodle: Multiple security vulnerabilities2017-03-22
CVE-2017-0009 — Sensitive Information Exposure | cvebase