cvelistv5 - CVE-2017-11855

CVE-2017-11855 (GCVE-0-2017-11855)

Vulnerability from cvelistv5 – Published: 2017-11-15 03:00 – Updated: 2024-09-16 19:01

Summary

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

	https://www.exploit-db.com/exploits/43371/	exploitx_refsource_EXPLOIT-DB
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/101751	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	Internet Explorer	Affected: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:19:39.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43371",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43371/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
          },
          {
            "name": "101751",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101751"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Internet Explorer",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-21T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "43371",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43371/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
        },
        {
          "name": "101751",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101751"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "DATE_PUBLIC": "2017-11-14T00:00:00",
          "ID": "CVE-2017-11855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Internet Explorer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43371",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43371/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
            },
            {
              "name": "101751",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101751"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-11855",
    "datePublished": "2017-11-15T03:00:00Z",
    "dateReserved": "2017-07-31T00:00:00",
    "dateUpdated": "2024-09-16T19:01:00.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7809F78-8D56-4925-A8F9-4119B973A667\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEE2E768-0F45-46E1-B6D7-087917109D98\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B14968-3985-43C3-ACE5-8307196EFAE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32623D48-7000-4C7D-823F-7D2A9841D88C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5808661-A082-4CBE-808C-B253972487B4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \\\"Internet Explorer Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-11856.\"}, {\"lang\": \"es\", \"value\": \"Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versi\\u00f3n 1709 permite que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que Internet Explorer gestiona los objetos en la memoria. Esta vulnerabilidad tambi\\u00e9n se conoce como \\\"Internet Explorer Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-11856.\"}]",
      "id": "CVE-2017-11855",
      "lastModified": "2024-11-21T03:08:38.447",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-11-15T03:29:01.247",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101751\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/43371/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/43371/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11855\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-11-15T03:29:01.247\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \\\"Internet Explorer Memory Corruption Vulnerability\\\". This CVE ID is unique from CVE-2017-11856.\"},{\"lang\":\"es\",\"value\":\"Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permite que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que Internet Explorer gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \\\"Internet Explorer Memory Corruption Vulnerability\\\". El ID de este CVE es diferente de CVE-2017-11856.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7809F78-8D56-4925-A8F9-4119B973A667\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32623D48-7000-4C7D-823F-7D2A9841D88C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5808661-A082-4CBE-808C-B253972487B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101751\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43371/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43371/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2017-AVI-406

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une divulgation d'informations et une exécution de code à distance

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 novembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11843"
    },
    {
      "name": "CVE-2017-11848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11848"
    },
    {
      "name": "CVE-2017-11791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11791"
    },
    {
      "name": "CVE-2017-11869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11869"
    },
    {
      "name": "CVE-2017-11846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11846"
    },
    {
      "name": "CVE-2017-11838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11838"
    },
    {
      "name": "CVE-2017-11858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11858"
    },
    {
      "name": "CVE-2017-11855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11855"
    },
    {
      "name": "CVE-2017-11827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11827"
    },
    {
      "name": "CVE-2017-11856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11856"
    },
    {
      "name": "CVE-2017-11834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11834"
    },
    {
      "name": "CVE-2017-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11837"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-406",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations et une ex\u00e9cution\nde code \u00e0 distance\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

CERTFR-2017-AVI-406

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une divulgation d'informations et une exécution de code à distance

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 novembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11843"
    },
    {
      "name": "CVE-2017-11848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11848"
    },
    {
      "name": "CVE-2017-11791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11791"
    },
    {
      "name": "CVE-2017-11869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11869"
    },
    {
      "name": "CVE-2017-11846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11846"
    },
    {
      "name": "CVE-2017-11838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11838"
    },
    {
      "name": "CVE-2017-11858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11858"
    },
    {
      "name": "CVE-2017-11855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11855"
    },
    {
      "name": "CVE-2017-11827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11827"
    },
    {
      "name": "CVE-2017-11856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11856"
    },
    {
      "name": "CVE-2017-11834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11834"
    },
    {
      "name": "CVE-2017-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11837"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-406",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations et une ex\u00e9cution\nde code \u00e0 distance\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2017",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
    }
  ]
}

GSD-2017-11855

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-11855

Aliases

CVE-2017-11855

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11855",
    "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856.",
    "id": "GSD-2017-11855",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-11855"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11855"
      ],
      "details": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856.",
      "id": "GSD-2017-11855",
      "modified": "2023-12-13T01:21:15.507718Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "DATE_PUBLIC": "2017-11-14T00:00:00",
        "ID": "CVE-2017-11855",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Internet Explorer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43371",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/43371/"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
          },
          {
            "name": "101751",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101751"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-11855"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
            },
            {
              "name": "101751",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101751"
            },
            {
              "name": "43371",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/43371/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-04-29T18:34Z",
      "publishedDate": "2017-11-15T03:29Z"
    }
  }
}

FKIE_CVE-2017-11855

Vulnerability from fkie_nvd - Published: 2017-11-15 03:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/101751	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855	Patch, Vendor Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/43371/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101751	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/43371/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	11
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_10	1703
microsoft	windows_10	1709
microsoft	windows_7	-
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	-
microsoft	internet_explorer	10
microsoft	windows_server_2012	-
microsoft	internet_explorer	9
microsoft	windows_server_2008	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
    },
    {
      "lang": "es",
      "value": "Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permite que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que Internet Explorer gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Internet Explorer Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-11856."
    }
  ],
  "id": "CVE-2017-11855",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-15T03:29:01.247",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101751"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43371/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43371/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-34719

Vulnerability from cnvd - Published: 2017-11-21

Title

Microsoft Internet Explorer内存破坏漏洞（CNVD-2017-34719）

Description

Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer在实现上存在内存破坏漏洞，未经身份验证的远程攻击者利用该漏洞在目标系统上执行任意代码。

Severity

高

Patch Name

Microsoft Internet Explorer内存破坏漏洞（CNVD-2017-34719）的补丁

Patch Description

Internet Explorer是微软公司推出的一款网页浏览器。 Microsoft Internet Explorer在实现上存在内存破坏漏洞，未经身份验证的远程攻击者利用该漏洞在目标系统上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855

Reference

http://technet.microsoft.com/security/bulletin/November 2017 Security Updates

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709']

Name

['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Internet Explorer', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101751"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11855"
    }
  },
  "description": "Internet Explorer\u662f\u5fae\u8f6f\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u6b3e\u7f51\u9875\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Internet Explorer\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Hui Gao of Palo Alto Networks",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34719",
  "openTime": "2017-11-21",
  "patchDescription": "Internet Explorer\u662f\u5fae\u8f6f\u516c\u53f8\u63a8\u51fa\u7684\u4e00\u6b3e\u7f51\u9875\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Internet Explorer\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Internet Explorer\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34719\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Internet Explorer",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/November 2017 Security Updates",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Microsoft Internet Explorer\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-34719\uff09"
}

GHSA-X72M-4FVC-5G29

Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2025-04-20 03:48

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-11855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-15T03:29:00Z",
    "severity": "HIGH"
  },
  "details": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856.",
  "id": "GHSA-x72m-4fvc-5g29",
  "modified": "2025-04-20T03:48:26Z",
  "published": "2022-05-14T01:06:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11855"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43371"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101751"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201711-0179

Vulnerability from variot - Updated: 2022-05-06 12:59

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in "wpad" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network "wpad" And "isatap" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In "wpad" And "isatap" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server Has been considered a problem But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker "wpad" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. The vendor Internet Explorer Memory Corruption Vulnerability ". This vulnerability CVE-2017-11856 Is a different vulnerability.An attacker could gain the same user rights as the current user. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0179",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "11"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "9"
      },
      {
        "model": "internet explorer",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "10"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "adtran",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mikrotik",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pi hole",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tippingpoint",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubiquiti",
        "version": null
      },
      {
        "model": "",
        "scope": null,
        "trust": 0.8,
        "vendor": "multiple vendors",
        "version": null
      },
      {
        "model": "wpad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "wpad",
        "version": "0"
      },
      {
        "model": "skynas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "0"
      },
      {
        "model": "router manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "1.1"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "6.2"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "6.1"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "5.2"
      },
      {
        "model": "total access 900/900e series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "0"
      },
      {
        "model": "sdx 810-rg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "0"
      },
      {
        "model": "netvanta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "60000"
      },
      {
        "model": "netvanta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "6000"
      },
      {
        "model": "netvanta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "5000"
      },
      {
        "model": "netvanta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "4000"
      },
      {
        "model": "netvanta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "3000"
      },
      {
        "model": "netvanta series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "10000"
      },
      {
        "model": "aos r13.2.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "adtran",
        "version": null
      },
      {
        "model": "434rg ont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "0"
      },
      {
        "model": "424rg ont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "0"
      },
      {
        "model": "414rg ont",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "adtran",
        "version": "0"
      },
      {
        "model": "router manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "synology",
        "version": "1.1.7-6941-2"
      },
      {
        "model": "dsm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "synology",
        "version": "6.2.1-23824"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hui Gao of Palo Alto Networks",
    "sources": [
      {
        "db": "BID",
        "id": "101751"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-11855",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CVE-2017-11855",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 1.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-11855",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-11855",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-568",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-11855",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Router DNS The dynamic registration / update function is enabled and the client PC In the network where the auto-detection function is enabled in \"wpad\" If a device with the host name is added to the network, the contents of the communication may be obtained or altered. Used in home and office (Google WiFi And Ubiquiti UniFi General including etc. ) In routers, often DNS Dynamic registration / update function is used. DNS Dynamic registration / update function DHCP Use the host name sent from the client side in the request as it is A Records are automatically registered / updated. An attacker with access to the network \"wpad\" And \"isatap\" A device with a host name of DNS By registering with, you may attract access to the device and attack it. Also, the discoverer mDNS Clients in the network without using a router PC In \"wpad\" And \"isatap\" It is confirmed that it can be accessed in combination with the automatic detection function. WPAD About proxy auto-configuration by so-called Nora DHCP Server or higher DNS On the server \u003ca href=\"https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html\"target=\"blank\"\u003e Has been considered a problem \u003c/a\u003e But, LAN/WLAN There was no mention of the internal auto-configuration function. This problem, Arctic Security Company Ossi Salmi , Mika Seppanen , Marko Laakso , Kasper Kyllonen Discovered and verified by NCSC-FI Made adjustments.In an internal network, an attacker \"wpad\" If a device with the host name is added to the network, the device can be used as an attack proxy, and as a result, the contents of the communication may be obtained or altered. The vendor Internet Explorer Memory Corruption Vulnerability \". This vulnerability CVE-2017-11856 Is a different vulnerability.An attacker could gain the same user rights as the current user. \nAttackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      },
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      }
    ],
    "trust": 3.69
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43371",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-11855",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#598349",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "101751",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43371",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43367",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99302544",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "105298",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-11855",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "id": "VAR-201711-0179",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1625
  },
  "last_update_date": "2022-05-06T12:59:16.773000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11855"
      },
      {
        "title": "CVE-2017-11855 | Internet Explorer Memory Corruption Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11855"
      },
      {
        "title": "Microsoft Windows Internet Explorer Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76407"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/"
      },
      {
        "title": "domato",
        "trust": 0.1,
        "url": "https://github.com/googleprojectzero/domato "
      },
      {
        "title": "js-vuln-db",
        "trust": 0.1,
        "url": "https://github.com/tunz/js-vuln-db "
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11855"
      },
      {
        "trust": 1.8,
        "url": "https://www.exploit-db.com/exploits/43371/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101751"
      },
      {
        "trust": 1.6,
        "url": "https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.kb.cert.org/vuls/id/598349"
      },
      {
        "trust": 1.1,
        "url": "https://supportforums.adtran.com/docs/doc-9269"
      },
      {
        "trust": 0.8,
        "url": "https://www.exploit-db.com/exploits/43367/"
      },
      {
        "trust": 0.8,
        "url": "https://community.ubnt.com/t5/unifi-updates-blog/usg-firmware-v4-4-28-now-available/ba-p/2482349"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99302544/"
      },
      {
        "trust": 0.8,
        "url": "https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2018/haavoittuvuus-2018-019.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11855"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2017/at170044.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11855"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/ie/"
      },
      {
        "trust": 0.3,
        "url": "https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.synology.com/en-global/support/security/synology_sa_18_53"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55852"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101751"
      },
      {
        "date": "2018-09-05T00:00:00",
        "db": "BID",
        "id": "105298"
      },
      {
        "date": "2018-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "date": "2017-11-15T03:29:00",
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-23T00:00:00",
        "db": "CERT/CC",
        "id": "VU#598349"
      },
      {
        "date": "2019-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-11855"
      },
      {
        "date": "2017-12-19T22:00:00",
        "db": "BID",
        "id": "101751"
      },
      {
        "date": "2018-09-05T00:00:00",
        "db": "BID",
        "id": "105298"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014029"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010095"
      },
      {
        "date": "2019-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      },
      {
        "date": "2019-04-29T18:34:00",
        "db": "NVD",
        "id": "CVE-2017-11855"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "101751"
      },
      {
        "db": "BID",
        "id": "105298"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#598349"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-568"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-11855 (GCVE-0-2017-11855)

CERTFR-2017-AVI-406

Solution

CERTFR-2017-AVI-406

Solution

GSD-2017-11855

FKIE_CVE-2017-11855

CNVD-2017-34719

GHSA-X72M-4FVC-5G29

VAR-201711-0179

Tags

Sightings

Nomenclature