Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0070

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0070?

A remote code execution vulnerability exists in the Microsoft scripting engines, allowing attackers to execute arbitrary code in the context of the current user. By exploiting this vulnerability, an attacker could manipulate memory and gain unauthorized access, potentially compromising the entire system, especially if the user has administrative rights. This capability enables an attacker to install software, alter or delete data, and create new user accounts with full permissions.

Affected Version(s)

Browser Browser

References

http://www.securityfocus.com/bid/96690
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/41623/
exploitx_refsource_EXPLOIT-DB
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-0070 : Remote Code Execution Vulnerability in Microsoft Browsers