CVE-2017-0059

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Высокий

Описание

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

Ссылки

http://www.securityfocus.com/bid/96645
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038008
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41661/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42354/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43125/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/96645
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038008
Broken Link
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41661/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42354/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/43125/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.84143

Высокий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-0059

CVSS3: 2.4

msrc

больше 8 лет назад

Microsoft Browser Information Disclosure Vulnerability

GHSA-36pj-p9j3-7rr9

CVSS3: 4.3

github

около 3 лет назад

BDU:2017-00720

fstec

больше 8 лет назад

Уязвимость браузера Internet Explorer, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 99%

0.84143

Высокий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo