CVE-2017-0222
published 2017-05-12CVE-2017-0222: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption…
PriorityP181high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-08-25
Exploited in the wild
EPSS
29.64%
98.0th percentile
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft_corporation | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_11_on_windows_server_2016 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | internet_explorer_9_on_windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation has been detected in the wild targeting Internet Explorer memory corruption via specially crafted websites or compromised websites hosting malicious content. ↗
- →Attack vector is a user visiting a specially crafted or attacker-controlled website via Internet Explorer; also delivered via email/IM attachments or links. ↗
- →Execution context is that of the current user; if the user has admin rights, full system compromise is possible including program installation, data manipulation, and account creation. ↗
- ·The vulnerability is triggered by improper memory object access in Internet Explorer; the security update modifies how IE handles objects in memory. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
vendor_msrc6.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Microsoft Internet Explorer Remote Code Execution Vulnerability
cisa·2022-02-25·CVSS 8.8
CVE-2017-0222 [HIGH] CWE-119 Microsoft Internet Explorer Remote Code Execution Vulnerability
Vulnerability: Microsoft Internet Explorer Remote Code Execution Vulnerability
Affected: Microsoft Internet Explorer
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0222
Remediation Due Date: 2022-08-25
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2017-05-09·CVSS 6.0
CVE-2017-0222 [HIGH] Internet Explorer Memory Corruption Vulnerability
Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
GHSA
GHSA-v5hf-38mr-h2fm: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0226 [HIGH] CWE-119 GHSA-v5hf-38mr-h2fm: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222.
GHSA
GHSA-cvfv-748g-qpfc: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0222 [HIGH] CWE-119 GHSA-cvfv-748g-qpfc: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.
VulnCheck
Microsoft Internet Explorer Remote Code Execution Vulnerability
vulncheck·2017·CVSS 8.8
CVE-2017-0222 [HIGH] CWE-119 Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2017-May; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-08-25
No detection rules found.
No public exploits indexed.
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys
blogs_qualys·2017-06-13·CVSS 8.1
[HIGH] Microsoft Fixes 94 Security Issues in Massive June Update | Qualys
Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.
Microsoft also released Security Advisory 4025685 which includes patches for older platforms due to heightened risk of exploitation. In my opinion this should be treated as a blue-print for future attacks and updates for EOL operating systems should be applied as soon as possible. Older platforms include Windows XP, Windows Server 2003, Vista and Windows 8 and older issues like MS08-067, MS09-050, MS10-061, MS14-068, MS17-010, MS17-013 are patched. Newer issues affecting older platforms like CV
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update
blogs_qualys·2017-06-13·CVSS 8.1
[HIGH] Microsoft Fixes 94 Security Issues in Massive June Update
Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow an attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two months.
Microsoft also released Security Advisory 4025685 which includes patches for older platforms due to heightened risk of exploitation. In my opinion this should be treated as a blue-print for future attacks and updates for EOL operating systems should be applied as soon as possible. Older platforms include Windows XP, Windows Server 2003, Vista and Windows 8 and older issues like MS08-067, MS09-050, MS10-061, MS14-068, MS17-010, MS17-013 are patched. Newer issues affecting older platforms like CV
Talos
Microsoft Patch Tuesday - May 2017
blogs_talos·2017-05-10·CVSS 7.5
CVE-2017-0290 [HIGH] Microsoft Patch Tuesday - May 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 56 vulnerabilities with 15 of them rated critical and 41 rated important. Impacted products include .NET, DirectX, Edge, Internet Explorer, Office, Sharepoint, and Windows.
In addition to the coverage Talos is providing for the normal monthly Microsoft security advisories, Talos is also providing coverage for CVE-2017-0290, the MsMpEng Malware Protection service vulnerability in Windows reported by Natalie Silvanovich and Tavis Ormandy of Google Project Zero. Snort rule SIDs for this specific vulnerability are 42820-42821.
## Vulnerabilities Rated Critical The following vulnerabilities are rated critical by Microsoft:
- CVE-2017-0221
- CVE-2017-0222
- CV
Talos
Microsoft Patch Tuesday - May 2017
blogs_talos·2017-05-10·CVSS 7.5
CVE-2017-0290 [HIGH] Microsoft Patch Tuesday - May 2017
## Microsoft Patch Tuesday - May 2017
Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. This month's release addresses 56 vulnerabilities with 15 of them rated critical and 41 rated important. Impacted products include .NET, DirectX, Edge, Internet Explorer, Office, Sharepoint, and Windows.
In addition to the coverage Talos is providing for the normal monthly Microsoft security advisories, Talos is also providing coverage for CVE-2017-0290, the MsMpEng Malware Protection service vulnerability in Windows reported by Natalie Silvanovich and Tavis Ormandy of Google Project Zero. Snort rule SIDs for this specific vulnerability are 42820-42821.
## Vulnerabilities Rated Critical The following vulnerabilities are rated critical by Microsoft
Qualys
Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1 | Qualys
blogs_qualys·2017-05-09·CVSS 8.8
[HIGH] Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1 | Qualys
Hours before today’s Patch Tuesday release on the eve of May 8, Microsoft released an emergency updated to fix a vulnerability in their Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim’s machine by just sending an e-mail attachment. When the malware protection engine scans the attachment the malicious code in the file gets executed, allowing the attacker complete and full access to the computer. The attack can also be carried out by sending the file via an instant message or having the victim download the file from a website. It is absolutely essential that organizations using Microsoft Malware Protection Engine make sure that they are at version Version 1.1.13704.0 or later. Users should also check if they are patched for CVE
Qualys
Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1
blogs_qualys·2017-05-09·CVSS 8.8
[HIGH] Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1
Hours before today’s Patch Tuesday release on the eve of May 8, Microsoft released an emergency updated to fix a vulnerability in their Malware Protection Engine. This critical vulnerability allows an attacker to take complete control of the victim’s machine by just sending an e-mail attachment. When the malware protection engine scans the attachment the malicious code in the file gets executed, allowing the attacker complete and full access to the computer. The attack can also be carried out by sending the file via an instant message or having the victim download the file from a website. It is absolutely essential that organizations using Microsoft Malware Protection Engine make sure that they are at version Version 1.1.13704.0 or later. Users should also check if they are patched for CVE
http://www.securityfocus.com/bid/98127http://www.securitytracker.com/id/1038423https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222http://www.securityfocus.com/bid/98127http://www.securitytracker.com/id/1038423https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0222
2017-05-12
Published
2022-02-25
Added to CISA KEV
Exploited in the wild