CVE-2017-0010Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Browser

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After FreeCWE-414Missing Lock Check77 documents11 sources
Severity
7.5HIGHNVD
EPSS
25.1%
top 3.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelMicrosoft Corporation Browser
Timeline
PublishedMar 17
Latest updateFeb 4

Description

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully e

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

Linuxlinux/linux_kernel6.17.06.18.6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

40
OSV
net/ena: fix missing lock when update devlink params2026-02-04
GHSA
GHSA-xq72-8gp2-7gp9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows2022-05-17
GHSA
GHSA-jvgj-583x-662p: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows2022-05-17
GHSA
GHSA-69wf-424f-m946: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows2022-05-17
GHSA
GHSA-6j5h-wpfp-f96c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows2022-05-17

📋Vendor Advisories

4
Red Hat
kernel: net/ena: fix missing lock when update devlink params2026-02-04
Red Hat
kernel: net/sched: act_ct: fix wild memory access when clearing fragments2024-02-28
Red Hat
kernel: net: fix use-after-free in tw_timer_handler2024-02-27
Microsoft
Scripting Engine Memory Corruption Vulnerability2017-03-14

🕵️Threat Intelligence

7
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15

💬Community

6
Bugzilla
CVE-2017-13870 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2017-12-20
Bugzilla
CVE-2017-7156 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2017-12-20
Bugzilla
CVE-2017-7157 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2017-12-20
Bugzilla
CVE-2017-13856 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2017-12-20
Bugzilla
CVE-2017-13866 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution2017-12-20
CVE-2017-0010 — Corporation Browser vulnerability | cvebase