Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0134

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0134?

A remote code execution vulnerability exists in Microsoft browsers due to improper handling of objects in memory by the scripting engines. An attacker leveraging this flaw can execute arbitrary code within the context of the current user. If the user holds administrative rights, the attacker could gain full control of the affected system, enabling them to install malicious software, access or modify sensitive information, and create new accounts. This highlights the critical need for timely updates and security practices to safeguard against such vulnerabilities.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/96687
vdb-entryx_refsource_BID

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.