Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11906Sensitive Information Exposure in Corporation Internet Explorer

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
58.9%
top 1.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Corporation Internet ExplorerMicrosoft Internet Explorer
Timeline
PublishedDec 12
Latest updateMay 14

Description

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

CVEListV5microsoft_corporation/internet_explorerMicrosoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016.

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-gj97-p9vj-fmwj: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 82022-05-14
CVEList
CVE-2017-11906: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 82017-12-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read2017-12-19

📋Vendor Advisories

1
Microsoft
Internet Explorer Information Disclosure Vulnerability2017-12-12
CVE-2017-11906 — Sensitive Information Exposure | cvebase