Another unpatched Edge and IE vulnerability

Posted on 2017-02-26 by guenni

Google's project zero has gone public with another unpatched vulnerability (CVE-2017-0037) in Microsoft's browsers Edge and Internet Explorer.

Advertising

After Microsoft has canceled February 2017 patch day, there is now another vulnerability. The first vulnerability was publicly announced by Google's project zero a week ago (see Windows: Zero-Day vulnerability in gdi.dll).

The new vulnerability (CVE-2017-0037) was discovered at the end of November by Google Project Zero researcher Ivan Fratric. It's a type confusion, that crashed the browser. An attacker probably is able to execute code on the affected machine. The details about this vulnerability are published in Google's bug report after a 90-day deadline.

Advertising
This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).