CVE-2017-0202
published 2017-04-12CVE-2017-0202: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way…
PriorityP266high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
45.65%
98.6th percentile
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft_corporation | internet_explorer | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_11_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
8bb824010000
- →Crash/memory corruption occurs in MSHTML!CStyleSheetArray::BuildListOfMatchedRules when document.head.innerHTML is overwritten while a CSS transition-duration is active and fgColor/setAttribute are manipulated — monitor for IE renderer crashes at this symbol offset. ↗
- →The exploit PoC triggers the vulnerability via a combination of CSS transition-duration, document.fgColor assignment, element.setAttribute, and document.head.innerHTML reassignment — detect pages combining these JS/CSS patterns in IE. ↗
- →CSS property 'transition-duration: 61s' is used in the PoC to set up the vulnerable state — anomalously large or unusual transition-duration values in pages targeting IE may indicate exploitation attempts. ↗
- →The call stack shows the crash originates in the IE render thread via CRenderThread::RenderThread — look for abnormal IE render thread crashes involving CStyleSheetArray and CElement::ApplyStyleSheets in crash telemetry. ↗
- →Affected version is Internet Explorer 11.576.14393.0 — flag unpatched IE11 instances at this version for prioritized patching and network-level monitoring. ↗
- ·Exploit status from Microsoft indicates 'Exploitation More Likely' for both latest and older software releases, but as of advisory publication it was not yet observed as exploited in the wild. ↗
- ·The vulnerability requires user interaction — an attacker must convince the user to visit a crafted page or open a malicious attachment; drive-by exploitation without user action is not possible. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc6.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2017-04-11·CVSS 6.0
CVE-2017-0202 [HIGH] Internet Explorer Memory Corruption Vulnerability
Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
GHSA
GHSA-2rpv-5gq5-8p5q: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory
ghsa_unreviewed·2022-05-17
CVE-2017-0202 [HIGH] CWE-119 GHSA-2rpv-5gq5-8p5q: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
No detection rules found.
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
## Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
## Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Manage
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
### Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of
security features when document loading is done via Outlook attachments for
certain crafted emails. Successful exploitation of this issue may grant an
attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Management classes or the Powershell Get-WmiOb
Qualys
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins
blogs_qualys·2017-04-11·CVSS 7.5
[HIGH] Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins
Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide . We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulletins which essentially combined related vulnerabilities and products for easy of consumption.
In today’s release Microsoft fixed a total of 45 vulnerabilities that could lead to remote code execution, denial-of-service, elevation of privileges, security feature bypass and spoofing. Top priority goes to the Office and WordPad CVE-2017-0199 which fixed a 0-day vulnerability that is being actively exploited in the wild. Exploitation of this vulnerability requires that a user open or preview a speciall
Qualys
Microsoft Fixes 45 Vulnerabilities with new Security Update Guide - says goodbye to Security Bulletins | Qualys
blogs_qualys·2017-04-11·CVSS 7.5
[HIGH] Microsoft Fixes 45 Vulnerabilities with new Security Update Guide - says goodbye to Security Bulletins | Qualys
Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide. We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulletins which essentially combined related vulnerabilities and products for easy of consumption.
In today’s release Microsoft fixed a total of 45 vulnerabilities that could lead to remote code execution, denial-of-service, elevation of privileges, security feature bypass and spoofing. Top priority goes to the Office and WordPad CVE-2017-0199 which fixed a 0-day vulnerability that is being actively exploited in the wild. Exploitation of this vulnerability requires that a user open or preview a specially
Zscaler
Zscaler protects against 16 new vulnerabilities for MS
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 16 new vulnerabilities for MS
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/97441http://www.securitytracker.com/id/1038238https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202https://www.exploit-db.com/exploits/41941/http://www.securityfocus.com/bid/97441http://www.securitytracker.com/id/1038238https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202https://www.exploit-db.com/exploits/41941/
2017-04-12
Published