Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2017-0136 | First vendor Publication | 2017-03-16 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.5 | ||
| Base Score | 7.5 | Environmental Score | 7.5 |
| impact SubScore | 5.9 | Temporal Score | 7.5 |
| Exploitabality Sub Score | 1.6 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0136 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-04-14 | Microsoft Edge web address spoofing attempt RuleID : 41988 - Revision : 3 - Type : BROWSER-IE |
| 2017-04-14 | Microsoft Edge web address spoofing attempt RuleID : 41987 - Revision : 3 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge JavascriptProxy SetPropertyTrap type confusion attempt RuleID : 41969 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge JavascriptProxy SetPropertyTrap type confusion attempt RuleID : 41968 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge malformed UTF-8 decode arbitrary read attempt RuleID : 41959 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge malformed UTF-8 decode arbitrary read attempt RuleID : 41958 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge local file read information leak attempt RuleID : 41953 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge local file read information leak attempt RuleID : 41952 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge WebAssembly memory corruption attempt RuleID : 41951 - Revision : 3 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge WebAssembly memory corruption attempt RuleID : 41950 - Revision : 3 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge fetch API same origin policy bypass attempt RuleID : 41949 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge fetch API same origin policy bypass attempt RuleID : 41948 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge scripting engine security bypass css attempt RuleID : 41945 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge scripting engine security bypass css attempt RuleID : 41944 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge EntrySimpleSlotGetter use after free attempt RuleID : 41943 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge EntrySimpleSlotGetter use after free attempt RuleID : 41942 - Revision : 3 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge reverse helper heap buffer overflow attempt RuleID : 41939 - Revision : 4 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge reverse helper heap buffer overflow attempt RuleID : 41938 - Revision : 4 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge TypedArray setter arbitrary write attempt RuleID : 41937 - Revision : 2 - Type : BROWSER-IE |
| 2017-04-12 | Microsoft Edge TypedArray setter arbitrary write attempt RuleID : 41936 - Revision : 2 - Type : BROWSER-IE |
| 2017-03-16 | Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt RuleID : 41626 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-16 | Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt RuleID : 41625 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-16 | Microsoft Edge AsmJs memory corruption attempt RuleID : 41606 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-16 | Microsoft Edge AsmJs memory corruption attempt RuleID : 41605 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Data URI same origin policy bypass attempt RuleID : 41594 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Data URI same origin policy bypass attempt RuleID : 41593 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Internet Explorer DOMAttrModified event use after free attempt RuleID : 41584 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Internet Explorer DOMAttrModified event use after free attempt RuleID : 41583 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge CSS animation style information disclosure attempt RuleID : 41574 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge CSS animation style information disclosure attempt RuleID : 41573 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Internet Explorer array proto chain manipulation memory corruption ... RuleID : 41562 - Revision : 3 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Internet Explorer array proto chain manipulation memory corruption ... RuleID : 41561 - Revision : 3 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Array out of bounds memory corruption attempt RuleID : 41560 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Array out of bounds memory corruption attempt RuleID : 41559 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Array out of bounds memory corruption attempt RuleID : 41558 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge Array out of bounds memory corruption attempt RuleID : 41557 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge url forgery attempt RuleID : 41554 - Revision : 4 - Type : BROWSER-IE |
| 2017-03-14 | Microsoft Edge url forgery attempt RuleID : 41553 - Revision : 4 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-03-14 | Name : The remote host has a web browser installed that is affected by multiple vuln... File : smb_nt_ms17-007.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:00:30 |
|
| 2020-05-23 00:54:09 |
|
| 2017-07-12 09:22:51 |
|
| 2017-03-20 17:22:37 |
|
| 2017-03-18 09:24:25 |
|
| 2017-03-17 09:24:12 |
|
