Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0015

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0015?

A vulnerability exists in Microsoft scripting engines that improperly handle objects in memory. This flaw could allow an attacker to execute arbitrary code in the context of the current user. If exploited, the attacker could gain the same permissions as the user, including administrative rights, enabling them to install programs, view, change, or delete data and create new user accounts. This vulnerability poses significant risks, particularly if it affects users operating with elevated privileges.

Affected Version(s)

Browser Browser

References

http://www.securityfocus.com/bid/96079
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.