CVE-2017-0059

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/96645	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038008	Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0059	Patch Vendor Advisory
https://www.exploit-db.com/exploits/41661/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42354/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43125/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

Configuration 2 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

History

16 Jul 2024, 17:51

Type	Values Removed	Values Added
First Time		Microsoft windows Rt 8.1 Microsoft windows 7 Microsoft windows Server 2012 Microsoft windows 10 1507 Microsoft windows Vista Microsoft windows 10 1511 Microsoft windows 8.1 Microsoft windows Server 2016 Microsoft windows 10 1607 Microsoft windows Server 2008
CPE	cpe:2.3:a:microsoft:internet_explorer:11:::::::*	cpe:2.3:a:microsoft:internet_explorer:11:-:::::: cpe:2.3:o:microsoft:windows_vista:-:sp2:::::: cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::* cpe:2.3:o:microsoft:windows_8.1:-:::::::* cpe:2.3:o:microsoft:windows_7:-:sp1:::::: cpe:2.3:o:microsoft:windows_server_2016:-:::::::* cpe:2.3:o:microsoft:windows_server_2012:-:::::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::: cpe:2.3:o:microsoft:windows_10_1607:-:::::::* cpe:2.3:o:microsoft:windows_server_2012:r2:::::::* cpe:2.3:o:microsoft:windows_10_1507:-:::::::* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:* cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
CWE	~~CWE-200~~	NVD-CWE-noinfo
References	~~() http://www.securityfocus.com/bid/96645 -~~	() http://www.securityfocus.com/bid/96645 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1038008 -~~	() http://www.securitytracker.com/id/1038008 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/41661/ -~~	() https://www.exploit-db.com/exploits/41661/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/42354/ -~~	() https://www.exploit-db.com/exploits/42354/ - Exploit, Third Party Advisory, VDB Entry
References	~~() https://www.exploit-db.com/exploits/43125/ -~~	() https://www.exploit-db.com/exploits/43125/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-03-17 00:59

Updated : 2024-07-16 17:51

NVD link : CVE-2017-0059

Mitre link : CVE-2017-0059

CVE.ORG link : CVE-2017-0059

JSON object : View

Products Affected

microsoft

windows_vista
windows_10_1507
windows_server_2012
windows_10_1607
windows_server_2016
windows_rt_8.1
internet_explorer
windows_7
windows_server_2008
windows_8.1
windows_10_1511

CWE

NVD-CWE-noinfo

4.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-0059

4.3^/10

4.3^/10

Attach tags to `CVE-2017-0059`