CVE-2017-0037 | Microsoft Internet Explorer - mshtml.dll Operational Intel

Executive Risk Summary

"A type confusion vulnerability exists in Microsoft Internet Explorer 10 and 11, and Microsoft Edge, due to a flaw in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll. This vulnerability allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) token sequences and JavaScript code that operates on a TH element."

Anticipated Attack Path

1. Initial Exploitation: Attacker crafts malicious CSS and JavaScript code
2. Privilege Escalation: Exploits type confusion vulnerability in mshtml.dll
3. Arbitrary Code Execution: Executes malicious code on the vulnerable system

Am I Vulnerable?

Verify if Microsoft Internet Explorer 10 or 11, or Microsoft Edge is installed and running on the system
Check for the presence of the mshtml.dll file
Apply the latest security patches from Microsoft to address the vulnerability

Operational Audit Arsenal

Target Type DLL

Target Asset mshtml.dll

Standard Path C:\Windows\System32

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: mshtml.dll (DLL)
$Targets = 'mshtml.dll'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Potential disruption to web browsing and related services

Internal Work Notes

Apply Microsoft security patches to address CVE-2017-0037, a type confusion vulnerability in Microsoft Internet Explorer and Microsoft Edge, to prevent arbitrary code execution.

Technical Intelligence & Operational Utilities • Delivered Weekly