⚠ Actively exploited
Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..
CVE-2017-0059 — Sensitive Information Exposure in Corporation Internet Explorer
Severity
4.3MEDIUMNVD
EPSS
83.9%
top 0.70%
CISA KEV
KEV
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 17
KEV addedMar 28
KEV dueApr 18
Latest updateMay 17
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages2 packages
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-36pj-p9j3-7rr9: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter↗2022-05-17
GHSA▶
GHSA-h79h-p55m-548h: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter↗2022-05-17
CVEList▶
CVE-2017-0008: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter↗2017-03-17
CVEList▶
CVE-2017-0059: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Inter↗2017-03-17
💥Exploits & PoCs
3Exploit-DB▶
Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)↗2017-10-17
Exploit-DB
▶