Type Confusion Vulnerability in Microsoft Internet Explorer and Edge
CVE-2017-0037 · HIGH Severity
AV:N/AC:H/AU:N/C:C/I:C/A:C
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
Learn more about our Web Application Penetration Testing UK.