Home Microsoft CVE-2017-0149
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Microsoft

CVE-2017-0149

Exploited

Microsoft Internet Explorer - Browser Engine

Microsoft CVSS 8.8 Updated April 30, 2026

Executive Risk Summary

"A memory corruption vulnerability exists in Microsoft Internet Explorer 9 through 11, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This vulnerability can be exploited by an unauthenticated attacker, potentially leading to system compromise."

Anticipated Attack Path

  1. 1. Initial Exploitation: Attacker crafts a malicious web site
  2. 2. Privilege Escalation: Exploits memory corruption vulnerability in Internet Explorer
  3. 3. Persistence: Establishes a foothold on the compromised system

Am I Vulnerable?

  • Verify Internet Explorer version and apply relevant patches
  • Implement web content filtering to block malicious web sites
  • Monitor system logs for suspicious activity

Operational Audit Arsenal

Target Type Process
Target Asset iexplore.exe
Standard Path C:\Program Files\Internet Explorer\iexplore.exe
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: iexplore.exe (Process)
$Targets = 'iexplore.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Potential disruption to web browsing and related services

Internal Work Notes

CVE-2017-0149: Internet Explorer Memory Corruption Vulnerability - Apply patches and implement web content filtering to mitigate risk.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttp://www.securityfocus.com/bid/96724
Official Advisoryhttp://www.securitytracker.com/id/1038008
MSRC Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149
Official Advisoryhttp://www.securityfocus.com/bid/96724
Official Advisoryhttp://www.securitytracker.com/id/1038008
MSRC Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0149

Related Microsoft Threats

CVE-2026-42901 CVSS 10

Microsoft Entra ID
CVE-2025-65041 CVSS 10

Microsoft Partner Center
CVE-2026-31957 CVSS 10

Microsoft Azure Entra ID and Intune - Himmelblau
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.