CVE-2017-11819
published 2017-10-13CVE-2017-11819: Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in…
PriorityP347high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
14.22%
96.1th percentile
Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft_corporation | microsoft_windows_7_sp1 | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Shell Remote Code Execution Vulnerability
vendor_msrc·2017-10-10·CVSS 7.5
CVE-2017-11819 [HIGH] Windows Shell Remote Code Execution Vulnerability
Windows Shell Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
In a web-based attack scenario, an attacker could host a website used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted co
GHSA
GHSA-xpxc-7j8q-3794: Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects
ghsa_unreviewed·2022-05-17
CVE-2017-11819 [HIGH] CWE-119 GHSA-xpxc-7j8q-3794: Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects
Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
## Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated Critical The following vulnerabilities are rated "Critical" by Microsoft:
CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2017-11763 - Microsoft G
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated CriticalThe following vulnerabilities are rated "Critical" by Microsoft:
- CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerabi
http://www.securityfocus.com/bid/101121http://www.securitytracker.com/id/1039537https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11819http://www.securityfocus.com/bid/101121http://www.securitytracker.com/id/1039537https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11819
2017-10-13
Published