Memory Corruption Vulnerability in Microsoft Internet Explorer
CVE-2017-0009

4.3MEDIUM

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0009?

Microsoft Internet Explorer versions 9 to 11 are susceptible to a memory corruption vulnerability that can be exploited by remote attackers to access sensitive information stored in process memory. This can occur through a targeted crafted website, potentially leading to unauthorized data exposure. The risk stems from inadequate handling of user inputs, which allows the attacker to trick the browser into leaking sensitive data. Mitigating this vulnerability involves ensuring that browsers are kept up to date with the latest security patches.

Affected Version(s)

Browser Internet Explorer 9 through 11 and Edge

References

http://www.securityfocus.com/bid/96077
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.security-assessment.com/files/documents/adviso...
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.