CVE-2017-11906: Infoleak
First published: Tue Dec 12 2017(Updated: )
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =11 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1511 | |
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Internet Explorer | =9 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Internet Explorer | =10 | |
| Microsoft Windows Server 2012 x64 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11906?
CVE-2017-11906 is rated as important, indicating that it can allow an attacker to obtain sensitive information from the user’s system.
How do I fix CVE-2017-11906?
To fix CVE-2017-11906, users should apply the latest security updates provided by Microsoft for the affected versions of Internet Explorer.
What systems are affected by CVE-2017-11906?
CVE-2017-11906 affects various versions of Microsoft Internet Explorer and Microsoft Windows, including Windows 7, 8.1, and certain Windows Server editions.
Can CVE-2017-11906 be exploited remotely?
Yes, CVE-2017-11906 can be exploited remotely through specially crafted web content that leads to information disclosure.
What are the potential impacts of exploiting CVE-2017-11906?
Exploiting CVE-2017-11906 can lead to the exposure of sensitive information, potentially enabling further attacks on the user's system.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/11
- canonical/microsoft windows 10
- version/microsoft windows 10/1511
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows server 2016
- version/internet explorer/9
- version/microsoft windows server 2008 itanium/sp2
- version/internet explorer/10