⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2017-0141 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Browser
Severity
7.5HIGHNVD
EPSS
54.8%
top 1.95%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 17
Latest updateMay 17
Description
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully e…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages1 packages
Patches
🔴Vulnerability Details
39GHSA▶
GHSA-xq72-8gp2-7gp9: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows↗2022-05-17
GHSA▶
GHSA-jvgj-583x-662p: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows↗2022-05-17
GHSA▶
GHSA-69wf-424f-m946: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows↗2022-05-17
GHSA▶
GHSA-6j5h-wpfp-f96c: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows↗2022-05-17
GHSA▶
GHSA-g8cg-4pg4-28mj: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft brows↗2022-05-17