CVE-2017-0070
published 2017-03-17CVE-2017-0070: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers…
PriorityP268high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
78.54%
99.5th percentile
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | browser | — | — |
| msrc | microsoft_edge_on_windows_10_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | microsoft_edge_on_windows_10_version_1607_for_x64-based_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2017-0070 PoC triggers a Use-After-Free in Microsoft Edge's JavaScript JIT engine by calling window.__lookupGetter__ on a cross-origin iframe's contentWindow, causing RIP to jump into freed JIT code. ↗
- →Exploit pattern involves creating an iframe, navigating it to 'about:blank', then invoking window.__lookupGetter__("defaultStatus").call(f.contentWindow) to obtain a cross-origin object and chain .constructor.constructor to obtain Function constructor for arbitrary code execution. ↗
- →Exploit targets specifically Microsoft Edge version 38.14393.0.0; detections should flag this version in browser telemetry or crash reports associated with JIT memory corruption. ↗
- →Attack vector is web-based: attacker hosts a specially crafted website or embeds an ActiveX control marked 'safe for initialization' in an Office document hosting the IE rendering engine to trigger the vulnerability. ↗
- ·At time of advisory publication, the vulnerability had NOT been observed exploited in the wild; exploitation was rated 'More Likely' only for the latest software release. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc4.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xq72-8gp2-7gp9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0131 [HIGH] CWE-119 GHSA-xq72-8gp2-7gp9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-jvgj-583x-662p: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0015 [HIGH] CWE-119 GHSA-jvgj-583x-662p: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067
GHSA
GHSA-69wf-424f-m946: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0150 [HIGH] CWE-119 GHSA-69wf-424f-m946: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-6j5h-wpfp-f96c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0071 [HIGH] CWE-119 GHSA-6j5h-wpfp-f96c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-g8cg-4pg4-28mj: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0138 [HIGH] CWE-119 GHSA-g8cg-4pg4-28mj: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-jjmq-hf44-978c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0136 [HIGH] CWE-119 GHSA-jjmq-hf44-978c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-72xr-r84v-f8hg: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0134 [HIGH] CWE-119 GHSA-72xr-r84v-f8hg: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-87jf-pgx6-356w: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0067 [HIGH] CWE-119 GHSA-87jf-pgx6-356w: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-x9x9-7rg4-9frw: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0094 [HIGH] CWE-119 GHSA-x9x9-7rg4-9frw: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-xm6q-84w2-rw7v: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0151 [HIGH] CWE-119 GHSA-xm6q-84w2-rw7v: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-w965-rvwp-8jc9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0035 [HIGH] CWE-119 GHSA-w965-rvwp-8jc9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067
GHSA
GHSA-998r-r3v7-93wx: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0137 [HIGH] CWE-119 GHSA-998r-r3v7-93wx: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-4fxg-w3g2-qr6r: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0133 [HIGH] CWE-119 GHSA-4fxg-w3g2-qr6r: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-wm5w-mjwg-2jqp: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0132 [HIGH] CWE-119 GHSA-wm5w-mjwg-2jqp: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-66qc-4q33-3974: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0032 [HIGH] CWE-119 GHSA-66qc-4q33-3974: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067
GHSA
GHSA-jc2w-vrq2-h85m: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2017-0141 [HIGH] GHSA-jc2w-vrq2-h85m: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
GHSA
GHSA-hvc6-g8h2-4p26: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2017-0010 [HIGH] GHSA-hvc6-g8h2-4p26: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067
GHSA
GHSA-mxpv-7v22-cqc6: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2017-0070 [HIGH] CWE-416 GHSA-mxpv-7v22-cqc6: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035
VulnCheck
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
vulncheck·2017·CVSS 7.5
CVE-2017-0141 [HIGH] Microsoft Edge Scripting Engine Memory Corruption Vulnerability
Microsoft Edge Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those descri
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-0067 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is diff
VulnCheck
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2017·CVSS 7.5
CVE-2017-0015 [HIGH] Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
Microsoft Edge Improper Restriction of Operations within the Bounds of a Memory Buffer
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is diff
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2017-03-14·CVSS 4.2
CVE-2017-0070 [HIGH] Scripting Engine Memory Corruption Vulnerability
Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
No detection rules found.
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
# March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro
2017/03/15
Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB). This vulnerability potentially allows cyber criminals to render affected system
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Ausnutzung von Schwachstellen
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Sfruttamento vulnerabilità
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits y vulnerabilidades
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected s
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro 2017/03/15 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected syst
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-14-2017
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 03-14-2017
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/96690http://www.securitytracker.com/id/1038006https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070https://www.exploit-db.com/exploits/41623/http://www.securityfocus.com/bid/96690http://www.securitytracker.com/id/1038006https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070https://www.exploit-db.com/exploits/41623/
2017-03-17
Published