Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".
http://www.securityfocus.com/bid/101121
http://www.securitytracker.com/id/1039537
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11819
Source: MITRE
Published: 2017-10-13
Updated: 2017-11-03
Type: CWE-119
Base Score: 7.6
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 4.9
Severity: HIGH
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.6
Severity: HIGH