Multiple vulnerabilities in Microsoft Internet Explorer
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-0064 CVE-2017-0222 CVE-2017-0226 CVE-2017-0228 CVE-2017-0231 CVE-2017-0238 |
| CWE-ID | CWE-20 CWE-119 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Vulnerability #2 is being exploited in the wild. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Microsoft Internet Explorer Client/Desktop applications / Web browsers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Security bypass
EUVDB-ID: #VU6446
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-0064
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted website containing attacker-controlled content, trick the victim into opening it, bypass Mixed Content warnings and load unsecure content (HTTP) from secure locations (HTTPS).
Successful exploitation of the vulnerability results in security bypass.
Install update from vendor's website.
Microsoft Internet Explorer: 9 - 11
CPE2.3- cpe:2.3:a:microsoft:microsoft_internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:11:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0064
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Memory corruption
EUVDB-ID: #VU6453
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2017-0222
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Note: the vulnerability is being actively exploited.
Mitigation
Install update from vendor's website.
Microsoft Internet Explorer: 10 - 11
CPE2.3- cpe:2.3:a:microsoft:microsoft_internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:11:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Memory corruption
EUVDB-ID: #VU6454
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-0226
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution. MitigationInstall update from vendor's website.
Microsoft Internet Explorer: 10 - 11
CPE2.3- cpe:2.3:a:microsoft:microsoft_internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:11:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0226
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU6455
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-0228
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in JavaScript engines. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Install update from vendor's website.
Microsoft Internet Explorer: 11
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0228
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Spoofing attack
EUVDB-ID: #VU6457
Risk: Medium
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-0231
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when rendering SmartScreen Filter in Microsoft browsers. A remote attacker can create a specially crafted web page, trick the victim into visiting it and perform a spoofing attack.
Successful exploitation of the vulnerability may result in unauthorized access to entire database.
Install update from vendor's website.
Microsoft Internet Explorer: 11
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0231
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Memory corruption
EUVDB-ID: #VU6458
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-0238
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in JavaScript engines. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Mitigation
Install update from vendor's website.
Microsoft Internet Explorer: 9 - 11
CPE2.3- cpe:2.3:a:microsoft:microsoft_internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_internet_explorer:11:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
