VYPR
High severity8.1CISA KEVNVD Advisory· Published Feb 26, 2017· Updated Jun 17, 2026

CVE-2017-0037

CVE-2017-0037

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Microsoft/Edge2 versions
    cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
    • (no CPE)range: 10 and 11

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.