Remote Code Execution Vulnerability in Microsoft Scripting Engines
CVE-2017-0132

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0132?

A vulnerability exists in the way Microsoft scripting engines process objects in memory, leading to potential remote code execution. An attacker who successfully exploits this issue could execute arbitrary code with the rights of the logged-in user. If exploited on a system where the user has administrative privileges, the attacker could gain full control over the system, enabling them to install programs, access or modify data, and create new accounts. This vulnerability differs from others noted in the CVE listings for the year.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96686
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.