CVE-2017-0201 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Internet Explorer
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
7.5HIGHNVD
EPSS
23.9%
top 3.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 12
Latest updateMay 17
Description
A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5microsoft_corporation/internet_explorerThe Jscript and VBScript engine in Microsoft Internet Explorer 9 and Internet Explorer 10
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-4vg7-vv27-xc6x: A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in mem↗2022-05-17
GHSA▶
GHSA-vx6c-j786-5wrq: A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microso↗2022-05-17
CVEList▶
CVE-2017-0201: A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in mem↗2017-04-12
CVEList▶
CVE-2017-0093: A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microso↗2017-04-12