Arbitrary Code Execution in Internet Explorer and Edge
- 28/02/2017 --- v1.0: Initial publication
The vulnerability is due to a type confusion issue in one of the functions in
Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement). An attacker that can convince an affected user to visit an attacker-controlled web page or to open a crafted HTML page with the affected browser, could exploit the vulnerability. If successful, the attacker could execute arbitrary code on the targeted system with the privileges of the affected browser .
This vulnerability affects all versions of Internet Explorer 11 and Microsoft's Edge on Windows systems.
Project Zero researcher Ivan Fratric reported the bug to Microsoft on 25/11/2016. It was made public on 28/02/2017, in line with Google's policy of publishing vulnerability details 90 days after being privately reported .
As no patch is available yet, it is highly recommended to avoid using Internet Explorer 11 or Microsoft's Edge on Windows for the time being. Microsoft has not provided a date for a patch release.