CVE-2017-0037CVE-2017-0037

Affected configuration(s):

cpe:/a:microsoft:edge
cpe:/a:microsoft:internet_explorer:11

Date published: 2017-02-26T18:59:00.150-05:00

Date last modified: 2017-11-18T21:29:00.410-05:00

CVSS Score: 7.6

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://www.securityfocus.com/bid/96088

Summary: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *