CVE-2017-0028
high-risk
Published 2017-07-17
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
Do I need to act?
!
19.6% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 402f3d967c0a905ec5b9ca9c240783d3f2c15724, 402f3d967c0a905ec5b9ca9c240783d3f2c15724
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
14/34 · Moderate
Exposure
5/34 · Minimal