CVE-2017-0228
Published May 12, 2017
Last updated 7 years ago
Overview
- Description
- A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF"
}
],
"operator": "OR"
}
]
}
]