Wednesday, October 11, 2017

Telspace Systems Security Advisory (TSA-2017-005)

Telspace Systems Security Advisory

TSA-2017-005: Internet Explorer Information Disclosure Vulnerability

CVE number
CVE-2017-11790

Summary
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system 

Vendor
Microsoft

Product
Internet Explorer

Version
11.0.15063.540

Vendor URL
https://www.microsoft.com
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790

Details and crash information
iertutil!CreateUriPriv+0x43:
00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????








Vendor response



The vendor has patched the vulnerability and released a new version 







Disclosure Timeline



02-08-2017 – Initial Discovery



14-09-2017 – Vendor Notification



10-10-2017 – Vendor Patch



11-10-2017 – Public Disclosure









Credit



This vulnerability was discovered by Dmitri Kaslov of Telspace Systems























at





















Labels:
,
,
,


















No comments:











Post a Comment







        

      









Subscribe to:
Post Comments (Atom)