Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0137

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0137?

A remote code execution vulnerability has been identified in Microsoft browsers, whereby improper handling of objects in memory could allow an attacker to execute arbitrary code within the context of the current user. If the user has administrative privileges, the attacker could take full control of the affected system, enabling the installation of programs, data manipulation, and user account creation with elevated rights. This vulnerability poses significant risks as it differentiates itself from a series of other vulnerabilities, including those documented in prior CVEs.

Affected Version(s)

Browser Browser

References

http://www.securityfocus.com/bid/96689
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.