CVE-2017-11907

HIGH

Microsoft Windows - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-11907. PoCs published by Google Security Research, AV1080p.

AI-analyzed exploit summary This PoC exploits a heap overflow vulnerability in jscript.dll (CVE-2017-11907) by manipulating array elements during sorting, leading to memory corruption. The exploit targets Internet Explorer via JScript and triggers a crash in JsArrayStringHeapSort or JsArrayFunctionHeapSort.

Description

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · htmldoswindows
https://www.exploit-db.com/exploits/43370

This PoC exploits a heap overflow vulnerability in jscript.dll (CVE-2017-11907) by manipulating array elements during sorting, leading to memory corruption. The exploit targets Internet Explorer via JScript and triggers a crash in JsArrayStringHeapSort or JsArrayFunctionHeapSort.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer (jscript.dll)
No auth needed
Prerequisites: Internet Explorer with JScript enabled · Page heap may be required to observe the crash
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 5 stars
by AV1080p · poc
https://github.com/AV1080p/CVE-2017-11907

This repository contains a proof-of-concept exploit for CVE-2017-11907, targeting a vulnerability in Microsoft's OLE technology. The exploit leverages a custom COM object and RPC callback to achieve remote code execution by impersonating a client and spawning a command shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows (OLE/COM)
No auth needed
Prerequisites: Target system must be vulnerable to CVE-2017-11907 · Attacker must deliver the exploit via a malicious webpage or document
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102045
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039991
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43370/

Scores

CVSS v3 7.5
EPSS 0.7616
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
microsoft/internet_explorer 11
microsoft/internet_explorer 10
microsoft/internet_explorer 9
Microsoft Corporation/Internet Explorer Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Ser
Published Dec 12, 2017
Tracked Since Feb 18, 2026