CVE-2017-0037
| CVE Published | 2017-02-26 |
|---|---|
| Related CWE(s) | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'), CWE-704: Incorrect Type Conversion or Cast |
| Related Vendor(s) | microsoft |
| Related Product(s) | internet_explorer, edge |
| Exploitation Reported (CISA KEV) | 2022-03-28 |
| CVSS 3 Base Score | 8.1 (HIGH) |
| CVSS 3 Attack Complexity | HIGH |
| CVSS 3 Attack Vector | NETWORK |
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph