Internet Explorer mshtml.dll Memory Corruption Vulnerability

Added: 08/01/2017
CVE: CVE-2017-0037
BID: 96088


Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.


Microsoft Internet Explorer has two vulnerabilities in the way objects are handled in memory. The first, CVE-2017-0059, is an information disclosure vulnerability which can be used to detect information about the base heap address. The second vulnerability, CVE-2017-0037, is due to a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code. The information disclosed by the first vulnerability can be used to improve the success rate of exploitation of the second vulnerability.


Apply the appropriate update referenced in Microsoft Security Bulletin MS17-006.



Exploit works on Windows 7 x86-64 with Internet Explorer 11 build 11.0.37 and earlier.


Windows 7

Back to exploit index