Exploitation Summary
CVE-2017-0210 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022.
Description
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97512
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038238
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0210
Scores
CVSS v3
8.8
EPSS
0.4296
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-05-24
VulnCheck KEV
2017-04-11
InTheWild.io
2017-04-11
ENISA EUVD
EUVD-2017-0576
Status
published
Products (3)
microsoft/internet_explorer
10
microsoft/internet_explorer
11
Microsoft Corporation/Internet Explorer
Internet Explorer 10 and Internet Explorer 11
Published
Apr 12, 2017
KEV Added
May 24, 2022
Tracked Since
Feb 18, 2026