CVE-2017-0149

CVSS 8.8 HIGHEPSS 29.2%● KEVCWE-787

In short

Internet Explorer versions 9 through 11 have a flaw that allows attackers to run malicious code or crash the browser by visiting a specially crafted website. This happens because the browser doesn't properly manage memory when processing certain web content.

Technical detail

A remote attacker can exploit a memory corruption vulnerability in Internet Explorer 9-11 through a crafted web page without requiring user interaction beyond visiting the malicious site. The vulnerability stems from improper memory handling (CWE-787: out-of-bounds write) and can result in arbitrary code execution or denial of service depending on browser architecture and mitigation bypass conditions.

Summary generated and translated by AI from the official description.

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft Corporation · Internet Explorer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0149 http://www.securityfocus.com/bid/96724 http://www.securitytracker.com/id/1038008