CVE-2017-11848
Published 2017-11-15
Priority P425 · medium · 4.3 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 7.05% (93.4th percentile)
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability".
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft_corporation | internet_explorer | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
CVSS provenance
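| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 2.4 | LOW | — |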
GHSA
ghsa_unreviewed·2022-05-17
CVE-2017-11848 [MEDIUM] CWE-200 GHSA-3jw4-3642-gxf6: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8
Microsoft
Internet Explorer Information Disclosure Vulnerability
vendor_msrc·2017-11-14·CVSS 2.4
CVE-2017-11848 [MEDIUM] Internet Explorer Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specially crafted website. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by changing how page content is handled by Internet Explorer.
Internet Explorer: Internet Explorer
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: Yes; Exploited: No; Latest Soft
No detection rules found.
No public exploits indexed.
Qualys
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
blogs_qualys·2017-11-14·CVSS 7.5
[HIGH] November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion’s share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.
Interestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on CVE-2017-11830 and CVE-2017-11847, as they address a Security Feature Bypass, and a Privilege Elevation respectively.
It should also be noted that CVE-2017-11848, CVE-2017-11827, CVE-2017-11883, CVE-2017-8700 have public exploits, but they do not appear to be used i
Talos
Microsoft Patch Tuesday - November 2017
blogs_talos·2017-11-14·CVSS 7.5
CVE-2017-16367 [HIGH] Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.
In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 - Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked stru
http://www.securityfocus.com/bid/101709
http://www.securitytracker.com/id/1039796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848
Published: 2017-11-15