CVE-2017-8529

MEDIUM

Microsoft Internet Explorer - Memory Corruption

Title source: rule

Description

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".

Exploits (2)

nomisec WRITEUP

by sfitpro · poc

https://github.com/sfitpro/cve-2017-8529

View Code ZIP pw:eip

nomisec WORKING POC

by kaddirov · poc

https://github.com/kaddirov/windows2016fixCVE-2017-8529

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98953

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529

Scores

CVSS v3 6.5

EPSS 0.2524

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-119

Status published

Products (5)

microsoft/internet_explorer

microsoft/edge

microsoft/internet_explorer

microsoft/internet_explorer

Microsoft Corporation/Internet Explorer < Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows

Published Jun 15, 2017

Tracked Since Feb 18, 2026