High severity7.5NVD Advisory· Published Apr 12, 2017· Updated May 13, 2026

CVE-2017-0201

Description

A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093.

Affected products

Microsoft/Internet Explorer2 versions
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
Microsoft Corporation/Internet Explorerv5
Range: The Jscript and VBScript engine in Microsoft Internet Explorer 9 and Internet Explorer 10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0201nvdPatchVendor Advisory
www.securityfocus.com/bid/97454nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038238nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000