A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.
{"cve": [{"lastseen": "2023-02-08T15:37:19", "description": "A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka \"Scripting Engine Memory Corruption Vulnerability\". This vulnerability is unique from CVE-2017-0223.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-15T17:29:00", "type": "cve", "title": "CVE-2017-0252", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0223", "CVE-2017-0252"], "modified": "2017-05-24T14:30:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-0252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0252", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2023-02-08T15:52:22", "description": "### *Detect date*:\n05/19/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nA memory corruption vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (EdgeHTML-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-0223](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0223>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)\n\n### *CVE-IDS*:\n[CVE-2017-0223](<https://vulners.com/cve/CVE-2017-0223>)7.5Critical\n\n### *KB list*:\n[4016871](<http://support.microsoft.com/kb/4016871>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-19T00:00:00", "type": "kaspersky", "title": "KLA11838 ACE vulnerability in Microsoft Browser", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0223"], "modified": "2020-07-08T00:00:00", "id": "KLA11838", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11838/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2022-08-24T11:08:16", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours.\n * Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss.\n * Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in **about:flags**.\n * Addressed issues with Arc Touch mouse Bluetooth connectivity.\n * Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4016871>) website. After this update is installed, the build number will be either 15063.296 (for all Windows 10 devices except Mobile and IoT) or 15063.297 (for Mobile and IoT).\n\n * **Update replacement information** \nThis update replaces the previously released update KB4016240.\n * **File information** \nFor a list of the files that are provided in this update, download the [file information for cumulative update KB4016871](<http://download.microsoft.com/download/C/B/A/CBA6545B-FC81-4562-8292-FD88A91544F7/4016871.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-19T07:00:00", "type": "mskb", "title": "May 9, 2017\u2014KB4016871 (OS Build 15063.296 and 15063.297)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0223"], "modified": "2017-05-19T07:00:00", "id": "KB4016871", "href": "https://support.microsoft.com/en-us/help/4016871", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-03-17T02:35:24", "description": "A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-19T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0223"], "modified": "2017-05-19T07:00:00", "id": "MS:CVE-2017-0223", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0223", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:26:23", "description": "The remote Windows 10 version 1703 host is missing security update KB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet Explorer due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to bypass mixed content warnings and load insecure content (HTTP) from secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in Windows in the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V due to improper validation of vSMB packet data. An unauthenticated, adjacent attacker can exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the Windows COM Aggregate Marshaler due to an unspecified flaw. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in Windows due to improper validation of user-supplied input when loading type libraries. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers due to improper rendering of the SmartScreen filter. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect users to a malicious website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper sandboxing. An unauthenticated, remote attacker can exploit this to break out of the Edge AppContainer sandbox and gain elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the Chakra JavaScript engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in Microsoft browsers in the JavaScript scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted Office document, to execute arbitrary code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in Microsoft Edge due to improper rendering of a domain-less page in the URL. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to cause the user to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the win32k component due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. Note that an attacker can also cause a denial of service condition on Windows 7 x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the Microsoft scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a crafted web page or open a crafted Office document file, to execute arbitrary code in the context of the current user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) server when handling certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft Server Message Block (SMB) when handling a specially crafted request to the server. An unauthenticated, remote attacker can exploit this, via a crafted SMB request, to cause the system to stop responding.\n (CVE-2017-0280)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0064", "CVE-2017-0077", "CVE-2017-0212", "CVE-2017-0213", "CVE-2017-0214", "CVE-2017-0222", "CVE-2017-0223", "CVE-2017-0224", "CVE-2017-0226", "CVE-2017-0227", "CVE-2017-0228", "CVE-2017-0229", "CVE-2017-0230", "CVE-2017-0231", "CVE-2017-0233", "CVE-2017-0234", "CVE-2017-0235", "CVE-2017-0236", "CVE-2017-0238", "CVE-2017-0240", "CVE-2017-0241", "CVE-2017-0246", "CVE-2017-0248", "CVE-2017-0258", "CVE-2017-0259", "CVE-2017-0263", "CVE-2017-0266", "CVE-2017-0267", "CVE-2017-0268", "CVE-2017-0269", "CVE-2017-0270", "CVE-2017-0271", "CVE-2017-0272", "CVE-2017-0273", "CVE-2017-0274", "CVE-2017-0275", "CVE-2017-0276", "CVE-2017-0277", "CVE-2017-0278", "CVE-2017-0279", "CVE-2017-0280"], "modified": "2022-03-29T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_MAY_4016871.NASL", "href": "https://www.tenable.com/plugins/nessus/100055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100055);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/29\");\n\n script_cve_id(\n \"CVE-2017-0064\",\n \"CVE-2017-0077\",\n \"CVE-2017-0212\",\n \"CVE-2017-0213\",\n \"CVE-2017-0214\",\n \"CVE-2017-0222\",\n \"CVE-2017-0223\",\n \"CVE-2017-0224\",\n \"CVE-2017-0226\",\n \"CVE-2017-0227\",\n \"CVE-2017-0228\",\n \"CVE-2017-0229\",\n \"CVE-2017-0230\",\n \"CVE-2017-0231\",\n \"CVE-2017-0233\",\n \"CVE-2017-0234\",\n \"CVE-2017-0235\",\n \"CVE-2017-0236\",\n \"CVE-2017-0238\",\n \"CVE-2017-0240\",\n \"CVE-2017-0241\",\n \"CVE-2017-0246\",\n \"CVE-2017-0248\",\n \"CVE-2017-0258\",\n \"CVE-2017-0259\",\n \"CVE-2017-0263\",\n \"CVE-2017-0266\",\n \"CVE-2017-0267\",\n \"CVE-2017-0268\",\n \"CVE-2017-0269\",\n \"CVE-2017-0270\",\n \"CVE-2017-0271\",\n \"CVE-2017-0272\",\n \"CVE-2017-0273\",\n \"CVE-2017-0274\",\n \"CVE-2017-0275\",\n \"CVE-2017-0276\",\n \"CVE-2017-0277\",\n \"CVE-2017-0278\",\n \"CVE-2017-0279\",\n \"CVE-2017-0280\"\n );\n script_bugtraq_id(\n 98099,\n 98102,\n 98103,\n 98108,\n 98112,\n 98113,\n 98114,\n 98117,\n 98121,\n 98127,\n 98139,\n 98164,\n 98173,\n 98179,\n 98203,\n 98208,\n 98214,\n 98217,\n 98222,\n 98229,\n 98230,\n 98234,\n 98237,\n 98258,\n 98259,\n 98260,\n 98261,\n 98263,\n 98264,\n 98265,\n 98266,\n 98267,\n 98268,\n 98270,\n 98271,\n 98272,\n 98273,\n 98274,\n 98276,\n 98281,\n 98452\n );\n script_xref(name:\"MSKB\", value:\"4016871\");\n script_xref(name:\"MSFT\", value:\"MS17-4016871\");\n script_xref(name:\"IAVA\", value:\"2017-A-0148\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/25\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n\n script_name(english:\"KB4016871: Windows 10 Version 1703 May 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1703 host is missing security update\nKB4016871. It is, therefore, affected by multiple vulnerabilities :\n\n - A security bypass vulnerability exists in Internet\n Explorer due to an unspecified flaw. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website, to bypass mixed\n content warnings and load insecure content (HTTP) from\n secure locations (HTTPS). (CVE-2017-0064)\n\n - An elevation of privilege vulnerability exists in\n Windows in the Microsoft DirectX graphics kernel\n subsystem (dxgkrnl.sys) due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to execute\n arbitrary code in an elevated context. (CVE-2017-0077)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V due to improper validation of vSMB\n packet data. An unauthenticated, adjacent attacker can\n exploit this to gain elevated privileges.\n (CVE-2017-0212)\n\n - An elevation of privilege vulnerability exists in the\n Windows COM Aggregate Marshaler due to an unspecified\n flaw. A local attacker can exploit this, via a specially\n crafted application, to execute arbitrary code with\n elevated privileges. (CVE-2017-0213)\n\n - An elevation of privilege vulnerability exists in\n Windows due to improper validation of user-supplied\n input when loading type libraries. A local attacker can\n exploit this, via a specially crafted application, to\n gain elevated privileges. (CVE-2017-0214)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0222)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0224)\n\n - A remote code execution vulnerability exists in\n Microsoft Internet Explorer due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website, to execute arbitrary code in\n the context of the current user. (CVE-2017-0226)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or open a specially\n crafted Microsoft Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0227)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0228)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0229)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to execute\n arbitrary code in the context of the current user.\n (CVE-2017-0230)\n\n - A spoofing vulnerability exists in Microsoft browsers\n due to improper rendering of the SmartScreen filter. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted URL, to redirect users to a malicious\n website that appears to be a legitimate website.\n (CVE-2017-0231)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper sandboxing. An\n unauthenticated, remote attacker can exploit this to\n break out of the Edge AppContainer sandbox and gain\n elevated privileges. (CVE-2017-0233)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0234)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0235)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the Chakra JavaScript engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0236)\n\n - A remote code execution vulnerability exists in\n Microsoft browsers in the JavaScript scripting engines\n due to improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Office document, to\n execute arbitrary code in the context of the current\n user. (CVE-2017-0238)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the scripting engines due to improper\n handling of objects in memory. An unauthenticated,\n remote attacker can exploit this, by convincing a user\n to visit a specially crafted website or to open a\n specially crafted Office document, to execute arbitrary\n code in the context of the current user. (CVE-2017-0240)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Edge due to improper rendering of a\n domain-less page in the URL. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to cause the user to\n perform actions in the context of the Intranet Zone and\n access functionality that is not typically available to\n the browser when browsing in the context of the Internet\n Zone. (CVE-2017-0241)\n\n - An elevation of privilege vulnerability exists in the\n win32k component due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. Note that an attacker can\n also cause a denial of service condition on Windows 7\n x64 or later systems. (CVE-2017-0246)\n\n - A security bypass vulnerability exists in the Microsoft\n .NET Framework and .NET Core components due to a failure\n to completely validate certificates. An attacker can\n exploit this to present a certificate that is marked\n invalid for a specific use, but the component uses it\n for that purpose, resulting in a bypass of the Enhanced\n Key Usage taggings. (CVE-2017-0248)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0258)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper initialization of objects\n in memory. A local attacker can exploit this, via a\n specially crafted application, to disclose sensitive\n information. (CVE-2017-0259)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run arbitrary\n code in kernel mode. (CVE-2017-0263)\n\n - A remote code execution vulnerability exists in the\n Microsoft scripting engines due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n crafted web page or open a crafted Office document file,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-0266)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0267)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0268)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0269)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0270)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0271)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0272)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0273)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0274)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0275)\n\n - An information disclosure vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to disclose sensitive information.\n (CVE-2017-0276)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0277)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0278)\n\n - A remote code execution vulnerability exists in the\n Microsoft Server Message Block 1.0 (SMBv1) server when\n handling certain requests. An unauthenticated, remote\n attacker can exploit this, via a specially crafted\n packet, to execute arbitrary code on a target server.\n (CVE-2017-0279)\n\n - A denial of service vulnerability exists in Microsoft\n Server Message Block (SMB) when handling a specially\n crafted request to the server. An unauthenticated,\n remote attacker can exploit this, via a crafted SMB\n request, to cause the system to stop responding.\n (CVE-2017-0280)\");\n # https://support.microsoft.com/en-us/help/4016871/windows-10-update-kb4016871\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f546dcfb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4016871.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-0272\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-05';\nkbs = make_list(\n '4016871' # 10 1703 \n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1703)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date: \"05_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4016871))\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
CVE-2017-0223
