Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0133

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0133?

A flaw exists in Microsoft’s scripting engines due to improper handling of objects in memory, which can lead to remote code execution. An attacker exploiting this vulnerability gains the same permissions as the user currently logged in. If executed under an administrator account, the attacker could gain full control over the affected system, leading to the potential installation of malicious software, modification or deletion of sensitive data, and the creation of new user accounts with elevated rights.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96683
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.