CVE-2017-0152

HIGH Year: 2017
CVSS v3 Score
8.1
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-119
View all →

Vulnerability Description

A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."

Related Vulnerabilities

CVE-2008-1083

HIGH
CVSS:8.1(High)

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbi...

CWE-1192008

CVE-2009-2502

HIGH
CVSS:8.1(High)

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,...

CWE-1192009

CVE-2015-7547

HIGH
CVSS:8.1(High)

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a deni...

CWE-1192015

CVE-2015-8764

HIGH
CVSS:8.1(High)

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

CWE-1192015

CVE-2016-0778

HIGH
CVSS:8.1(High)

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly ma...

CWE-1192016

CVE-2016-0858

HIGH
CVSS:8.1(High)

Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.

CWE-1192016