CVE-2017-0261
ENISA EUVD: EUVD-2017-0617 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
3 articles
EPSS Score
Source: FIRST.org · 2026-05-24
92.3%
probability
This CVE has a 92.3% probability
of being exploited in the next 30 days.
0%
Top 99.7th percentile of all CVEs
100%
CVSS v3.1
Source: NVD7.8
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Project ZeroUse-after free in EPS restore operator
Affected Products
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
May 9, 2017
Reported by
Genwei Jiang of FireEye, Inc., Steven Hunter of MSRC Vulnerabilities & Mitigations
Root Cause Analysis
???
Microsoft Fixes Malware Protection Engine and Several 0-Day Vulnerabilities, and Deprecates SHA-1
Qualys
May 09, 2017
Firefox 0-day Used in Targeted Attacks Against Cryptocurrency Firms
BleepingComputer
Jun 20, 2019
3 of 4 Zero-Days Microsoft Patched Yesterday Were Used by Russian Cyberspies
BleepingComputer
May 10, 2017
Signal Intelligence
Confidence
95%
EPSS
92.3%
CVSS v3.1
7.8
Mentions
3
Last Seen
Jun 20, 2019
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026