Cyber Resilience

CVE-2021-34448

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 16 July 2021

Published
16 July 2021
Modified
29 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0312 87.1th percentile
Risk Priority 35 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-34448 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 6.8 (Medium).

Operationally, ranked in the top 12.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-16 (Memory Protection).

Deeper analysis

CVE-2021-34448 is a Scripting Engine Memory Corruption Vulnerability, identified by CWE-787 and carrying a CVSS 3.1 score of 6.8 reflecting network attack vector, high attack complexity, no required privileges, and required user interaction. The affected component is the scripting engine in Microsoft products.

An unauthenticated remote attacker can exploit the flaw by delivering specially crafted content that a user must interact with, resulting in memory corruption that yields high impact to confidentiality and integrity while leaving availability unaffected.

Microsoft has published an advisory detailing the issue at the referenced MSRC portal, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities.

Its inclusion in the CISA catalog indicates confirmed real-world exploitation activity.

EU & UK References

Vulnerability details

Scripting Engine Memory Corruption Vulnerability

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.19003
microsoft
windows 10 1607
≤ 10.0.14393.4530
microsoft
windows 10 1809
≤ 10.0.17763.2061
microsoft
windows 10 1909
≤ 10.0.18363.1679
microsoft
windows 10 2004
≤ 10.0.19041.1110
microsoft
windows 10 20h2
≤ 10.0.19042.1110
microsoft
windows 10 21h1
≤ 10.0.19043.1110
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements memory protections (e.g., ASLR, DEP, sandboxing) that block exploitation of the scripting-engine memory corruption (CWE-787) before arbitrary code execution occurs.

prevent

Restricts or sandbox-executes mobile code and scripts delivered via network content, directly limiting the attack vector that requires user interaction with crafted scripting payloads.

preventdetect

Malicious-code detection and blocking mechanisms can identify and stop known exploit payloads targeting the scripting engine before memory corruption is triggered.

References