Remote Code Execution Vulnerability in Microsoft's Scripting Engine
CVE-2017-0136

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0136?

A remote code execution vulnerability affects Microsoft scripting engines due to improper handling of objects in memory. This flaw can be exploited by attackers to execute arbitrary code within the context of the current user. If successful, the attacker may gain the same privileges as the logged-in user. For users with administrative rights, this poses a significant threat, potentially allowing full system control, the installation of malicious programs, and unauthorized access to sensitive data. Awareness of this vulnerability is crucial for users of Microsoft browsers to implement necessary security measures.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/96688
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.