Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0032

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0032?

A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. When exploited, this vulnerability allows an attacker to execute arbitrary code in the context of the current user, potentially granting them the same privileges as that user. If the affected user holds administrative rights, the attacker could take full control of the system, leading to serious consequences such as unauthorized data access, installation of malicious software, and creation of new accounts with elevated privileges.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96080
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.