CVE-2021-34448
Scripting Engine Memory Corruption Vulnerability
Vexday Risk Score
48 · Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.8 · EPSS 26.7% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
16 Jul 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short
A flaw in the scripting engine allows attackers to corrupt memory by sending specially crafted input, potentially causing the application to crash or behave unexpectedly. This vulnerability requires user interaction or specific conditions to be exploited.
Technical detail
CWE-787 (Out-of-bounds Write) in the scripting engine allows an attacker to write beyond allocated buffer boundaries through malformed script input. Exploitation typically requires script execution context and can result in denial of service or potential code execution depending on memory layout and mitigations.
Summary generated and translated by AI from the official description.
Scripting Engine Memory Corruption Vulnerability
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507
Microsoft · Windows 10 Version 1607
Microsoft · Windows 10 Version 1809
Microsoft · Windows 10 Version 1909
Microsoft · Windows 10 Version 2004
Microsoft · Windows 10 Version 20H2
Microsoft · Windows 10 Version 21H1
Microsoft · Windows 7
Microsoft · Windows 7 Service Pack 1
Microsoft · Windows 8.1
Microsoft · Windows Server 2008 R2 Service Pack 1
Microsoft · Windows Server 2012
Microsoft · Windows Server 2012 R2
Microsoft · Windows Server 2016
Microsoft · Windows Server 2019