CVE-2017-0059
CVE-2017-0059
In short
Internet Explorer 9 through 11 can leak sensitive information from a computer's memory when visiting a malicious website. An attacker can use this to steal private data without the user knowing.
Technical detail
A remote attacker can craft a malicious web page that exploits an information disclosure vulnerability in Internet Explorer 9-11 to read sensitive data from the target process's memory space. The attack requires user interaction (visiting the malicious site) and affects the confidentiality of process memory contents.
Summary generated and translated by AI from the official description.
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected products
Microsoft Corporation · Internet Explorerpublic PoCs found — 6
cve_referencewww.exploit-db.com/exploits/41661/unverifiedcve_referencewww.exploit-db.com/exploits/42354/unverifiedcve_referencewww.exploit-db.com/exploits/43125/unverifiedexploitdbwww.exploit-db.com/exploits/41661unverifiedexploitdbwww.exploit-db.com/exploits/43125unverifiedexploitdbwww.exploit-db.com/exploits/42354unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0059https://www.exploit-db.com/exploits/41661/https://www.exploit-db.com/exploits/42354/https://www.exploit-db.com/exploits/43125/http://www.securityfocus.com/bid/96645http://www.securitytracker.com/id/1038008