CVE-2017-0034

Severity CVSS v4.0:

Pending analysis

Type:

CWE-119 Buffer Errors

Publication date:

17/03/2017

Last modified:

20/04/2025

Description

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.50

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:H/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.60 HIGH
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): High
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete