Telspace Systems Security Advisory
TSA-2017-005: Internet Explorer Information Disclosure Vulnerability
CVE number
CVE-2017-11790
Summary
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system
Vendor
Microsoft
Product
Internet Explorer
Version
11.0.15063.540
Vendor URL
https://www.microsoft.com
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790
Details and crash information
iertutil!CreateUriPriv+0x43:00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????
Vendor response
The vendor has patched the vulnerability and released a new version
Disclosure Timeline
02-08-2017 – Initial Discovery
14-09-2017 – Vendor Notification
10-10-2017 – Vendor Patch
11-10-2017 – Public Disclosure
Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems