cbcvebase.
CVE-2017-0015
published 2017-03-17

CVE-2017-0015: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers…

PriorityP272high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
26.37%
97.7th percentile
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

Affected

5 ranges
VendorProductVersion rangeFixed in
microsoft_corporationbrowser
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability exists in the scripting engine's handling of objects in memory in Internet Explorer; monitor for exploitation via specially crafted websites or ActiveX controls marked 'safe for initialization' embedded in Office documents or applications hosting the IE rendering engine.
  • Monitor for suspicious IE rendering engine activity triggered from Microsoft Office documents or applications embedding ActiveX controls marked 'safe for initialization', as these are documented attack vectors for this CVE.
  • Monitor for users being directed to attacker-controlled or compromised websites serving user-provided content or advertisements, which may exploit this scripting engine vulnerability via Internet Explorer.
  • ·Exploit Status is 'Exploitation More Likely' for the latest software release, but as of advisory publication it was not yet publicly disclosed or actively exploited.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.