Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0071

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0071?

This vulnerability allows attackers to execute arbitrary code in the context of the current user by exploiting how Microsoft scripting engines handle objects in memory within affected browsers. If an attacker successfully exploits this issue, they could gain the same permissions as the current user. This can lead to unauthorized installations, data manipulation, and even the creation of new user accounts with full rights, resulting in significant security risks.

Affected Version(s)

Browser Browser

References

http://www.securityfocus.com/bid/96681
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

32% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.