CVE-2017-8529

MEDIUM

Internet Explorer - Information Disclosure via Memory Object Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-8529. PoCs published by sfitpro, kaddirov.

AI-analyzed exploit summary This repository contains a PowerShell script and README for configuring a registry fix related to CVE-2017-8529, an information disclosure vulnerability in Microsoft Internet Explorer. The script applies a registry key to mitigate the vulnerability but does not include exploit code.

Description

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".

Exploits (2)

nomisec WRITEUP

by sfitpro · poc

https://github.com/sfitpro/cve-2017-8529

View Code ZIP pw:eip

This repository contains a PowerShell script and README for configuring a registry fix related to CVE-2017-8529, an information disclosure vulnerability in Microsoft Internet Explorer. The script applies a registry key to mitigate the vulnerability but does not include exploit code.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2017-8529)

Auth required

Prerequisites: Administrative access to target systems · CVE-2017-8529 patches installed

MITRE ATT&CK

T1112 - Modify Registry

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by kaddirov · poc

https://github.com/kaddirov/windows2016fixCVE-2017-8529

View Code ZIP pw:eip

This PowerShell script mitigates CVE-2017-8529 by setting registry keys to enable a fix for an information disclosure vulnerability in Internet Explorer. It ensures the FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX feature is enabled for iexplore.exe in both 32-bit and 64-bit registry paths.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (Windows Server 2016)

Auth required

Prerequisites: Administrative privileges to modify registry keys

MITRE ATT&CK

T1112 - Modify Registry

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98953

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529

Scores

CVSS v3 6.5

EPSS 0.2524

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-119

Status published

Products (5)

microsoft/edge

microsoft/internet_explorer 11

microsoft/internet_explorer 9

microsoft/internet_explorer 10

Microsoft Corporation/Internet Explorer Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows

Published Jun 15, 2017

Tracked Since Feb 18, 2026