Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0067

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0067?

A remote code execution vulnerability occurs due to improper handling of objects in memory by Microsoft scripting engines in their browsers. By exploiting this weakness, an attacker could execute arbitrary code within the context of the logged-in user, potentially gaining the same level of access. If the user has administrative privileges, the attacker could take complete control of the affected system, allowing for unauthorized program installations, data manipulation, or creation of new accounts with full rights. This vulnerability presents significant security risks, especially for users with higher privilege levels.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96662
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.