ByteOS Network

NVD Vulnerability Details :

CVE-2017-0037

Deferred

Source-secure@microsoft.com

View Known Exploited Vulnerability (KEV) details

Published At-26 Feb, 2017 | 23:59

Updated At-22 Oct, 2025 | 00:15

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-03-28	2022-04-18	Microsoft Edge and Internet Explorer Type Confusion Vulnerability	Apply updates per vendor instructions.

Date Added: 2022-03-28

Due Date: 2022-04-18

Vulnerability Name: Microsoft Edge and Internet Explorer Type Confusion Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.6

Base severity: HIGH

Vector:

AV:N/AC:H/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>edge>>*

cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1507>>-

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1511>>-

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1607>>-

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

Microsoft Corporation

>>internet_explorer>>11

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1507>>-

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1511>>-

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10_1607>>-

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-843	Primary	nvd@nist.gov
CWE-843	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-843

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-843

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/96088	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037905	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037906	secure@microsoft.com	Broken Link Third Party Advisory VDB Entry
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html	secure@microsoft.com	Exploit Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011	secure@microsoft.com	Exploit Issue Tracking Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037	secure@microsoft.com	Patch Vendor Advisory
https://www.exploit-db.com/exploits/41454/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42354/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43125/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96088	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037905	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037906	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011	af854a3a-2127-422b-91ae-364da2661108	Exploit Issue Tracking Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.exploit-db.com/exploits/41454/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42354/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43125/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A