Added: 08/01/2017
CVE: CVE-2017-0037
BID: 96088
Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
Microsoft Internet Explorer has two vulnerabilities in the way objects are handled in memory. The first, CVE-2017-0059, is an information disclosure vulnerability which can be used to detect information about the base heap address. The second vulnerability, CVE-2017-0037, is due to a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement
function in mshtml.dll
, which allows remote attackers to execute arbitrary code. The information disclosed by the first vulnerability can be used to improve the success rate of exploitation of the second vulnerability.
Apply the appropriate update referenced in Microsoft Security Bulletin MS17-006.
<https://www.exploit-db.com/exploits/42354/>
<https://redr2e.com/cve-to-exploit-cve-2017-0037-and-0059/>
<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0059>
<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0037>
Exploit works on Windows 7 x86-64 with Internet Explorer 11 build 11.0.37 and earlier.
Windows 7