Internet Explorer mshtml.dll Memory Corruption Vulnerability

Added: 08/01/2017
CVE: CVE-2017-0037
BID: 96088

Background

Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.

Problem

Microsoft Internet Explorer has two vulnerabilities in the way objects are handled in memory. The first, CVE-2017-0059, is an information disclosure vulnerability which can be used to detect information about the base heap address. The second vulnerability, CVE-2017-0037, is due to a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code. The information disclosed by the first vulnerability can be used to improve the success rate of exploitation of the second vulnerability.

Resolution

Apply the appropriate update referenced in Microsoft Security Bulletin MS17-006.

References

https://www.exploit-db.com/exploits/42354/
https://redr2e.com/cve-to-exploit-cve-2017-0037-and-0059/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0059
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0037

Limitations

Exploit works on Windows 7 x86-64 with Internet Explorer 11 build 11.0.37 and earlier.

Platforms

Windows 7

Back to exploit index