Internet Explorer Memory Corruption Vulnerability CVE-2017-0202
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code
in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
When the PoC is run in Internet Explorer , it crashes IE. As seen in the image the crash happens at MSHTML!CStyleSheetArray::BuildListOfProbableRules when the script tries to set an attribute to an invalid value.
This attribute was set already in the StyleSheet.
An attacker could host a malicious website to exploit this vulnerability (CVE-2017-0202), and lure the victim into visiting the website. The vulnerability could corrupt memory in such a way that the attacker
could execute arbitrary code on victim's machine.
The call stack shows that the crash happens after "ApplyStyleSheets" suggesting a type confusion about the Style sheet element as seen in the code
The disassembly looks like this :
SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.
- IPS 12709: Internet Explorer Memory Corruption Vulnerability (APR 17) 1