CVE-2017-0222

CVSS 8.8 HIGHEPSS 29.6%● KEVCWE-787

Vexday Risk Score

56Attention

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 8.8EPSS 29.6%KEV simPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 May 2017Published on NVD

25 Feb 2022Active exploitation (CISA KEV)

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

Internet Explorer has a memory corruption flaw that allows attackers to run malicious code on your computer when you visit a specially crafted website. This happens because the browser doesn't properly manage memory, giving attackers a way to take control.

Technical detail

A memory corruption vulnerability in Internet Explorer's object access mechanism allows remote code execution via specially crafted web content. The attack requires user interaction (visiting a malicious site) and exploits improper memory handling to achieve arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Microsoft Corporation · Internet Explorer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0222 http://www.securityfocus.com/bid/98127 http://www.securitytracker.com/id/1038423