CVE-2017-0049Sensitive Information Exposure in Corporation Internet Explorer

CWE-200Sensitive Information Exposure10 documents5 sources
Severity
4.3MEDIUMNVD
CNA7.5
EPSS
22.0%
top 4.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation Internet ExplorerMicrosoft Internet Explorer
Timeline
PublishedMar 17
Latest updateMay 17

Description

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5microsoft_corporation/internet_explorerThe VBScript engine in Microsoft Internet Explorer 11

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vrcm-c43w-vj64: The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web si2022-05-17
CVEList
CVE-2017-0049: The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web si2017-03-17

📋Vendor Advisories

1
Microsoft
Internet Explorer Information Disclosure Vulnerability2017-03-14

🕵️Threat Intelligence

6
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
CVE-2017-0049 — Sensitive Information Exposure | cvebase