Lucene search

MicrosoftCVE-2017-0040

HistoryMar 17, 2017 - 12:59 a.m.

CVE-2017-0040

2017-03-1700:59:01

CWE-119

microsoft

web.nvd.nist.gov

microsoft

internet explorer

cve-2017-0040

scripting engine

memory corruption

remote code execution

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.357

Percentile

97.2%

JSON

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.” This vulnerability is different from that described in CVE-2017-0130.

Affected configurations

Nvd

Vulners

Node

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

microsoftinternet_explorerMatch11

VendorProductVersionCPE
microsoftinternet_explorer9cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
microsoftinternet_explorer10cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
microsoftinternet_explorer11cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	9	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
microsoft	internet_explorer	10	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
microsoft	internet_explorer	11	cpe:2.3:a:microsoft:internet_explorer:11:::::::*

CNA Affected

[
  {
    "product": "Internet Explorer",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "The scripting engine in Microsoft Internet Explorer 9 through 11"
      }
    ]
  }
]