Vulnerabilities

Palo Alto Networks Unit 42 Vulnerability Research November 2017 Disclosures

Clock Icon < 1 min read
Related Products

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered four vulnerabilities addressed by the Microsoft Security Response Center as part of their November 2017 security update release.

CVE Vulnerability Name Affected Products Maximum Severity Rating Impact Researcher(s)
CVE-2017-11855 Internet Explorer Memory Corruption Vulnerability Internet Explorer 9, 10, 11 Critical Remote Code Execution (RCE)  Hui Gao
CVE-2017-11856 Internet Explorer Memory Corruption Vulnerability Internet Explorer 11 Critical Remote Code Execution (RCE)  Hui Gao and Zhanglin He
CVE-2017-11791 Scripting Engine Information Disclosure Vulnerability Internet Explorer 9, 10, 11; Microsoft Edge Important Information Disclosure  Hui Gao
CVE-2017-11834 Scripting Engine Information Disclosure Vulnerability Internet Explorer 9, 10, 11 Important Information Disclosure  Hui Gao

For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection from these vulnerabilities. Traps, Palo Alto Networks advanced endpoint solution, can block memory corruption based exploits of this nature.
Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.

Enlarged Image