CVE-2017-0018 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Internet Explorer
Severity
8.8HIGHNVD
NVD7.5NVD4.3CNA7.5
EPSS
20.8%
top 4.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 17
Latest updateFeb 28
Description
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5microsoft_corporation/internet_explorerInternet Explorer 10 and 11, Internet Explorer 9 through 11, The VBScript engine in Microsoft Internet Explorer 11+2
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-8xx2-2w6g-2ff2: Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted↗2022-05-17
GHSA▶
GHSA-vrcm-c43w-vj64: The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web si↗2022-05-17
GHSA▶
GHSA-xqqj-2hmg-wc6r: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft↗2022-05-17
CVEList▶
CVE-2017-0018: Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted↗2017-03-17
CVEList▶
CVE-2017-0049: The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web si↗2017-03-17