Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2017-0138

7.5HIGH

Key Information:

Vendor

Microsoft
Status
Browser
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0138?

A remote code execution vulnerability is present in Microsoft scripting engines due to improper handling of objects in memory. When exploited, this could allow an attacker to execute arbitrary code with the current user's privileges. If the user has administrative rights, the attacker may gain complete control over the affected system, enabling them to install programs, manipulate data, or create new accounts with full permissions. This issue is significant as it highlights the potential risks associated with the use of Microsoft browsers.

Affected Version(s)

Browser Browser

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038006
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/96684
vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.