System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5124.json
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
epss	0.34129	https://api.first.org/data/v1/epss?cve=CVE-2017-5124
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2017-5124
cvssv3	6.1	https://nvd.nist.gov/vuln/detail/CVE-2017-5124
archlinux	Critical	https://security.archlinux.org/AVG-456
archlinux	Critical	https://security.archlinux.org/AVG-545

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5124.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-5124
		https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
		https://chromium.googlesource.com/chromium/src/+/4558c2885e618557a674660aff57404d25537070
		https://crbug.com/762930
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15386
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15387
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15388
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15389
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15390
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15391
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15392
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15393
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15394
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15395
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15396
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15406
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5124
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5125
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5126
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5127
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5128
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5129
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5131
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5132
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5133
		https://github.com/Bo0oM/CVE-2017-5124
		https://security.gentoo.org/glsa/201710-24
		https://www.debian.org/security/2017/dsa-4020
		https://www.reddit.com/r/netsec/comments/7cus2h/chrome_61_uxss_exploit_cve20175124/
		http://www.securityfocus.com/bid/101482
1503530		https://bugzilla.redhat.com/show_bug.cgi?id=1503530
ASA-201710-27		https://security.archlinux.org/ASA-201710-27
ASA-201712-6		https://security.archlinux.org/ASA-201712-6
AVG-456		https://security.archlinux.org/AVG-456
AVG-545		https://security.archlinux.org/AVG-545
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-5124	Exploit	https://github.com/Bo0oM/CVE-2017-5124/tree/265c2f139cd404b3ba0e12b498642979ca89036c
CVE-2017-5124	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/45867.txt
CVE-2017-5124		https://nvd.nist.gov/vuln/detail/CVE-2017-5124
RHSA-2017:2997		https://access.redhat.com/errata/RHSA-2017:2997

Data source	Exploit-DB
Date added	Nov. 15, 2018
Description	Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
Ransomware campaign use	Unknown
Source publication date	Oct. 3, 2017
Exploit type	local
Platform	multiple
Source update date	Nov. 15, 2018
Source URL	https://github.com/Bo0oM/CVE-2017-5124/tree/265c2f139cd404b3ba0e12b498642979ca89036c

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5124.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-5124

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-5124

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Percentile	0.96805
EPSS Score	0.34129
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T10:30:31.813518+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0