CVE-2017-0040 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Internet Explorer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents6 sources

Severity

7.5HIGHNVD

EPSS

18.7%

top 4.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Internet Explorer Microsoft Internet Explorer

Timeline

PublishedMar 17

Latest updateMay 17

Description

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶CVEListV5microsoft_corporation/internet_explorerThe scripting engine in Microsoft Internet Explorer 9 through 11

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-ppg2-45gh-f84g: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memor↗2022-05-17

▶

GHSA

GHSA-49xr-73x3-2444: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memor↗2022-05-17

▶

CVEList

CVE-2017-0130: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memor↗2017-03-17

▶

CVEList

CVE-2017-0040: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memor↗2017-03-17

▶

📋Vendor Advisories

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2017-03-14

▶