Bird_banner_small4
Microsoft Edge ProfiledLdElem Type Confusion
TSL ID TSL20170314-30
CVE ID(s) CVE-2017-0071
Severity High
Description

A type confusion vulnerability has been reported in Microsoft Edge. This vulnerability is due to improper objects access in memory in ProfiledLdElem function.

A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted web page. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

The vendor, Microsoft, has issued the following advisories regarding these vulnerabilities:

https://technet.microsoft.com/library/security/MS17-007

Affected Products
  • Microsoft Edge .
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.3 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
Microsoft Security Bulletin
References https://bugs.chromium.org/p/project-zero/issues/detail?id=1045&can=1&q=&sort=-id
Related Threats