Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

CVE-2017-0149

Disclosure Date: March 17, 2017 •

CVE-2017-0149 CVSS v3 Base Score: 8.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037.

Add Assessment

gwillcox-r7 (579)

November 22, 2020 3:04am UTC (4 years ago)

Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

microsoft

Products

internet explorer 10,
internet explorer 11,
internet explorer 9

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: November 22, 2020 3:04am UTC (4 years ago) • Edited 2 years ago

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/05/24/cisa-adds-20-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:30am UTC (1 month ago)

References

Canonical

CVE-2017-0149 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0149)

BID-96724 (http://www.securityfocus.com/bid/96724)

Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149

SECTRACK-1038008 (http://www.securitytracker.com/id/1038008)

Rapid7

Unknown

CVE-2017-0149

Unknown

Unknown

Required

None

Network

CVE-2017-0149

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2017-0149

Unknown

Unknown

Required

None

Network

CVE-2017-0149

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification