CVE-2017-11855
Published 2017-11-15
CVE-2017-11855: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold…
Priority P264, high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 47.91% (98.7th percentile)
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft_corporation | internet_explorer | — | — |
| msrc | internet_explorer_10 | — | — |
| msrc | internet_explorer_11 | — | — |
| msrc | internet_explorer_9 | — | — |
Detection & IOCs
Command:
```javascript
var x = new URIError(new Array(), undefined, undefined);
String.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));
Array.prototype.slice.call(1);
```
- The vulnerability is triggered via jscript!JsArraySlice when JsArraySlice() expects NameTBL::GetVal() to return an integer but receives an uninitialized/non-integer type, leading to memory corruption. Monitor for crash/AV at jscript!InvokeDispatch+0xbd.
- Exploit PoC uses a combination of URIError constructed with an Array, String.prototype.localeCompare called on the error object with a Date, and Array.prototype.slice called on a non-array (integer 1) to trigger the uninitialized variable condition in jscript.
- Affected component is Internet Explorer 9, 10, and 11 via the jscript engine (jscript.dll). Detection should focus on jscript!JsArraySlice call chains involving ConvertToScalar and InvokeDispatch.
- Exploitation requires user interaction: the attacker must convince a user to visit a specially crafted website or open a malicious attachment; there is no drive-by without user action.
- At time of patch release, the vulnerability was not observed as exploited in the wild, though exploitation was rated 'More Likely' for both latest and older software releases.
CVSS provenance
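| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_msrc | | 6.4 | MEDIUM | |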
GHSA
GHSA-m96c-6wph-7qmm: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-11856 [HIGH] CWE-119 GHSA-m96c-6wph-7qmm: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855.
GHSA
GHSA-x72m-4fvc-5g29: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2017-11855 [HIGH] CWE-119 GHSA-x72m-4fvc-5g29: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856.
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2017-11-14·CVSS 6.4
CVE-2017-11855 [HIGH] Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
No detection rules found.
Unit42
Palo Alto Networks Unit 42 Vulnerability Research November 2017 Disclosures
blogs_unit42·2017-11-22·CVSS 3.1
CVE-2017-11855 [LOW] Palo Alto Networks Unit 42 Vulnerability Research November 2017 Disclosures
As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered four vulnerabilities addressed by the Microsoft Security Response Center as part of their November 2017 security update release.
| CVE | Vulnerability Name | Affected Products | Maximum Severity Rating | Impact | Researcher(s) |
|---|---|---|---|---|---|
| CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability | Internet Explorer 9, 10, 11 | Critical | Remote Code Execution (RCE) | Hui Gao |
| CVE-2017-11856 | Internet Explorer Memory Corruption Vulnerability | Internet Explorer 11 | Critical | Remote Code Execution (RCE) | Hui Gao and Zhanglin He |
| CVE-2017-11791 | Scripting Engine Information Disclosure Vulnerability | Internet Explorer 9, 10, 11; Microsoft Edge | Important | Information Disclosure | Hui Gao |
| CVE-2017-11834 | | | | | |
Talos
Microsoft Patch Tuesday - November 2017
blogs_talos·2017-11-14·CVSS 7.5
CVE-2017-16367 [HIGH] Microsoft Patch Tuesday - November 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.
In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 - Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked stru
Zscaler
Zscaler protects against 10 new vulnerabilities for Internet
blogs_zscaler·CVSS 3.1
[LOW] Zscaler protects against 10 new vulnerabilities for Internet
- http://www.securityfocus.com/bid/101751
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855
- https://www.exploit-db.com/exploits/43371/
Published: 2017-11-15