CVE-2017-8594

HIGH

Microsoft Internet Explorer - Memory Corruption

Title source: rule

Description

Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/42336

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99401

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8594

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42336/

Scores

CVSS v3 7.5

EPSS 0.5107

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (2)

microsoft/internet_explorer 11

Microsoft Corporation/Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 Internet Explorer

Published Jul 11, 2017

Tracked Since Feb 18, 2026