8.8

CVE-2017-0222

Warning

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version9
   MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftInternet Explorer Version11 Update-
   MicrosoftWindows 10 1507 Version-
   MicrosoftWindows 10 1511 Version-
   MicrosoftWindows 10 1607 Version-
   MicrosoftWindows 10 1703 Version-
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-

25.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Internet Explorer Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 55.66% 0.98
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/98127
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1038423
Third Party Advisory
Broken Link
VDB Entry