Remote Code Execution in Microsoft Browsers Due to Insecure Scripting Engines
CVE-2017-0094

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0094?

A vulnerability in Microsoft browsers arises from improper handling of objects in memory by the Microsoft scripting engines. This issue allows an attacker to corrupt memory and execute arbitrary code within the rights of the current user. If the user has admin privileges, the attacker could gain full control of the system, facilitating the installation of malware, altering or deleting data, and creating new user accounts with elevated rights. This vulnerability distinguishes itself from other related vulnerabilities by its unique exploitation vector and impact.

Affected Version(s)

Browser Browser

References

http://www.securityfocus.com/bid/96682
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.