High severity8.1CISA KEVNVD Advisory· Published Feb 26, 2017· Updated Apr 22, 2026

CVE-2017-0037

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

Affected products

Microsoft/Edge
cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
Microsoft/Internet Explorer
cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037nvdPatchVendor Advisory
0patch.blogspot.si/2017/03/0patching-another-0-day-internet.htmlnvdExploitThird Party Advisory
bugs.chromium.org/p/project-zero/issues/detailnvdExploitIssue TrackingThird Party Advisory
www.exploit-db.com/exploits/41454/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42354/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43125/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/96088nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037905nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037906nvdBroken LinkThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.071
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000