Security Advisory

CVE-2017-0037

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-02-26 23:30:00

Last updated 2025-10-21 23:55:46

Assigner microsoft

State PUBLISHED

Description

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

← Browse all CVEs View on cve.org ↗