Wednesday, October 11, 2017

Telspace Systems Security Advisory (TSA-2017-005)

Telspace Systems Security Advisory

TSA-2017-005: Internet Explorer Information Disclosure Vulnerability

CVE number
CVE-2017-11790

Summary
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system 

Vendor
Microsoft

Product
Internet Explorer

Version
11.0.15063.540

Vendor URL

Details and crash information
iertutil!CreateUriPriv+0x43:
00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????


Vendor response
The vendor has patched the vulnerability and released a new version 

Disclosure Timeline
02-08-2017 – Initial Discovery
14-09-2017 – Vendor Notification
10-10-2017 – Vendor Patch
11-10-2017 – Public Disclosure


Credit
This vulnerability was discovered by Dmitri Kaslov of Telspace Systems