Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0202Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Internet Explorer

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
7.5HIGHNVD
EPSS
61.9%
top 1.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Corporation Internet ExplorerMicrosoft Internet Explorer
Timeline
PublishedApr 12
Latest updateMay 17

Description

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft_corporation/internet_explorerInternet Explorer 11

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-2rpv-5gq5-8p5q: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory2022-05-17
CVEList
CVE-2017-0202: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory2017-04-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption2017-04-27

📋Vendor Advisories

1
Microsoft
Internet Explorer Memory Corruption Vulnerability2017-04-11

🕵️Threat Intelligence

5
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Qualys
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins2017-04-11
Qualys
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide - says goodbye to Security Bulletins | Qualys2017-04-11
Zscaler
Zscaler protects against 16 new vulnerabilities for MS
CVE-2017-0202 — HIGH severity | cvebase