cbcvebase.
CVE-2017-0067
published 2017-03-17

CVE-2017-0067: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers…

PriorityP271high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
15.23%
96.3th percentile
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

Affected

7 ranges
VendorProductVersion rangeFixed in
microsoft_corporationbrowser
msrcmicrosoft_edge_on_windows_10_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1511_for_x64-based_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_32-bit_systems
msrcmicrosoft_edge_on_windows_10_version_1607_for_x64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability exists in the scripting engine's handling of objects in memory in Internet Explorer; monitor for memory corruption events triggered by IE scripting engine processing
  • Attack vector includes attacker-hosted specially crafted websites targeting Internet Explorer; monitor for suspicious IE navigations to unknown/external sites
  • Attack vector includes ActiveX controls marked 'safe for initialization' embedded in Office documents or applications hosting the IE rendering engine; monitor for Office processes spawning IE rendering engine with ActiveX initialization
  • Compromised websites or sites hosting user-provided content/advertisements may serve exploit content; monitor web proxy logs for drive-by download patterns via IE
  • ·Exploit status at time of advisory was 'Exploitation More Likely' for latest software release but not yet publicly disclosed or observed exploited in the wild
  • ·CVE-2017-0067 is one of many related scripting engine memory corruption CVEs patched in the same update cycle; ensure detections distinguish between the specific CVEs as they affect different code paths

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.