CVE-2021-34448
Published: 16 July 2021
Summary
CVE-2021-34448 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 6.8 (Medium).
Operationally, it ranks in the top 12.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-16 (Memory Protection).
Deeper analysis
CVE-2021-34448 is a Scripting Engine Memory Corruption Vulnerability, identified by CWE-787 and carrying a CVSS 3.1 score of 6.8, which reflects a network attack vector, high attack complexity, no required privileges, and required user interaction. The affected component is the scripting engine in Microsoft products.
An unauthenticated remote attacker can exploit the flaw by delivering specially crafted content that a user must interact with, resulting in memory corruption that yields high impact to confidentiality and integrity while leaving availability unaffected.
Microsoft has published an advisory detailing the issue at the referenced MSRC portal, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities.
Its inclusion in the CISA catalog indicates confirmed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-21103
Vulnerability details
Scripting Engine Memory Corruption Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly implements memory protections (e.g., ASLR, DEP, sandboxing) that block exploitation of the scripting-engine memory corruption (CWE-787) before arbitrary code execution occurs.
Restricts or sandboxes mobile code and scripts delivered via network content, directly limiting the attack vector, which requires user interaction with crafted scripting payloads.
Malicious-code detection and blocking mechanisms can identify and stop known exploit payloads targeting the scripting engine before memory corruption is triggered.