CVE-2017-0222

EPSS Score

Source: FIRST.org · 2026-05-23

65.3%

probability

This CVE has a 65.3% probability of being exploited in the next 30 days.

0% Top 98.5th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

7.6

HIGH

Access Vector

Network

Access Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.

Affected Products

Microsoft Corporation

Internet Explorer

Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016.

microsoft

internet explorer

Microsoft Corporation

Internet Explorer

Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows 10 Version 1511 for 32-bit Systems, Windows 10 Version 1511 for x64-based Systems, Windows 10 Version 1607 for 32-bit Systems, Windows 10 Version 1607 for x64-based Systems, Windows 10 Version 1703 for 32-bit Systems, Windows 10 Version 1703 for x64-based Systems, and Windows Server 2016.

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98127

vdb-entry x_refsource_BID

http://www.securitytracker.com/id/1038423

vdb-entry x_refsource_SECTRACK

EPSS Score

CVSS v3.1

CVSS v2 (legacy)

Description

Affected Products

Attack Intelligence

Google Project Zero

Signal Intelligence

CNA Information

Analyst Note

Triage Info